Biometric security using a fob

ABSTRACT

The present invention discloses a system and methods for biometric security using biometrics in a transponder-reader system. The biometric security system also includes a biometric sensor that detects biometric samples and a device for verifying biometric samples. In one embodiment, the biometric security system includes a transponder configured with a biometric sensor. In another embodiment, the system includes a reader configured with a biometric sensor. The device for verifying samples compares the biometric samples with information stored on databases.

RELATED APPLICATIONS

This application, U.S. Ser. No. 11/858,958, is a divisional of U.S. Ser.No. 10/708,822, filed on Mar. 26, 2004 now U.S. Pat. No. 7,303,120, andentitled “SYSTEM FOR BIOMETRIC SECURITY USING A FOB” ( issued as U.S.Pat. No. 7,303,120 on Dec. 4, 2007), which is a continuation in part ofU.S. Ser. No. 10/340,352, filed Jan. 10, 2003, and entitled “AUTHORIZINGPAYMENT SUBSEQUENT TO RF TRANSACTIONS,” which is a non-provisional ofU.S. Provisional No. 60/396,577, filed Jul. 16, 2002. U.S. Ser. No.10/340,352 is also a continuation-in-part of U.S. patent applicationSer. No. 10/192,488, filed on Jul. 9, 2002, and entitled “SYSTEM ANDMETHOD FOR PAYMENT USING RADIO FREQUENCY IDENTIFICATION IN CONTACT ANDCONTACTLESS TRANSACTIONS” (issued as U.S. Pat. No. 7,239,226 on Jul. 3,2007), which is a non-provisional of U.S. Provisional No. 60/304,216,filed Jul. 10, 2001. U.S. Ser. No. 10/340,352 is also acontinuation-in-part of U.S. patent application Ser. No. 10/318,432,filed Dec. 13, 2002, and entitled “SYSTEM AND METHOD FOR SELECTING LOADOPTIONS FOR USE IN RADIO FREQUENCY IDENTIFICATION IN CONTACT ANDCONTACTLESS TRANSACTIONS,” which is a non-provisional of U.S.Provisional No. 60/396,577 filed Jul. 16, 2002. U.S. Ser. No. 10/340,352is also a continuation-in-part of U.S. patent application Ser. No.10/318,480, filed on Dec. 13, 2002, and entitled “SYSTEM AND METHOD FORASSIGNING A FUNDING SOURCE FOR A RADIO FREQUENCY IDENTIFICATION” (issuedas U.S. Pat. No. 7,249,112 on Jul. 24, 2007), which is a non-provisionalof U.S. Provisional Patent Application No. 60/396,577, filed Jul. 16,2002. All of the above applications are hereby incorporated byreference.

FIELD OF INVENTION

This invention generally relates to a system for using biometrics with atransponder-reader system, and more particularly, to configuring atransponder and transponder-reader for biometric security.

BACKGROUND OF THE INVENTION

Like barcode and voice data entry, RFID is a contactless informationacquisition technology. RFID systems are wireless, and are usuallyextremely effective in hostile environments where conventionalacquisition methods fail. RFID has established itself in a wide range ofmarkets, such as, for example, the high-speed reading of railwaycontainers, tracking moving objects such as livestock or automobiles,and retail inventory applications. As such, RFID technology has become aprimary focus in automated data collection, identification and analysissystems worldwide.

Of late, companies are increasingly embodying RFID data acquisitiontechnology in a fob or tag for use in completing financial transactions.A typical fob includes a transponder and is ordinarily a self-containeddevice which may be contained on any portable form factor. In someinstances, a battery may be included with the fob to power thetransponder. In which case the internal circuitry of the fob (includingthe transponder) may draw its operating power from the battery powersource. Alternatively, the fob may exist independent of an internalpower source. In this instance the internal circuitry of the fob(including the transponder) may gain its operating power directly froman RF interrogation signal. U.S. Pat. No. 5,053,774, issued toSchuermann, describes a typical transponder RF interrogation systemwhich may be found in the prior art. The Schuermann patent describes ingeneral the powering technology surrounding conventional transponderstructures. U.S. Pat. No. 4,739,328, discusses a method by which aconventional transponder may respond to a RF interrogation signal. Othertypical modulation techniques which may be used include, for example,ISO/IEC 14443 and the like.

In the conventional fob powering technologies used, the fob is typicallyactivated upon presenting the fob in an interrogation signal. In thisregard, the fob may be activated irrespective of whether the userdesires such activation. Inadvertent presentation of the fob may resultin initiation and completion of an unwanted transaction. Thus, a fobsystem is needed which allows the fob user to control activation of thefob to limit transactions being undesirably completed.

One of the more visible uses of the RFID technology is found in theintroduction of Exxon/Mobil's Speedpass® and Shell's EasyPay® products.These products use transponders placed in a fob or tag which enablesautomatic identification of the user when the fob is presented at aPoint of Sale (POS) device. Fob identification data is typically passedto a third-party server database, where the identification data isreferenced to a customer (e.g., user) credit or debit account. In anexemplary processing method, the server seeks authorization for thetransaction by passing the transaction and account data to anauthorizing entity. Once authorization is received by the server,clearance is sent to the point of sale device for completion of thetransaction. In this way, the conventional transaction processing methodinvolves an indirect path which causes undue overhead due to the use ofthe third-party server.

A need exists for a transaction authorization system which allows fobtransactions to be authorized while eliminating the cost associated withusing third-party servers.

In addition, conventional fobs are limited in that they must be used inproximity to the Point of Sale device. That is, for fob activation,conventional fobs must be positioned within the area of transmissioncast by the RF interrogation signal. More particularly, conventionalfobs are not effective for use in situations where the user wishes toconduct a transaction at a point of interaction such as a computerinterface.

Therefore, a need exists for a fob embodying RFID acquisitiontechnology, which is capable of use at a point of interaction device andwhich is additionally capable of facilitating transactions via acomputer interface connected to a network (e.g., the Internet).

Existing transponder-reader payment systems are also limited in that theconventional fob used in the systems is only responsive to oneinterrogation signal. Where multiple interrogation signals are used, thefob is only responsive to the interrogation signal to which it isconfigured. Thus, if the RFID reader of the system provides only aninterrogation signal to which the fob is incompatible, the fob will notbe properly activated.

Therefore, a need exists for a fob which is responsive to more than oneinterrogation signal.

Existing transponder-reader payment systems are additionally limited inthat the payment systems are typically linked to a funding sourceassociated with the transponder which includes a predetermined spendinglimit. Thus no flexibility is provided in instances where the payment isrequested which exceeds the predetermined spending limit. This istypically true in that traditional methods for processing a requestedtransaction involve comparing the transaction to the spending limit orto an amount stored in a preloaded value data file prior to providingtransaction authorization to a merchant.

Thus, a system is needed which processes transponder-reader paymentrequests irrespective of the spending limit assigned to an associatedtransponder-reader payment system funding source.

Further, traditional transponder-reader systems do not permit the userto manage the system user account data. This is extremely problematicwhere the user wishes to change a transponder-reader system fundingsource to a source which provides more available spending room, or wherechanges are made to the user's status (e.g., change in address, phonenumber, email, etc.) for which the transponder-reader account providerwishes to readily update the user's account.

Thus a need exists for a transponder-reader system which will allow theuser limited access to the transponder-reader account for managingaccount data.

Further still, existing transponder-reader systems do not usually permitmeans for automatically incenting the use of the fob associated with thesystem as opposed to the credit or charge card associated with the fob.That is, conventional transponder-reader systems do not provide a meansfor encouraging usage of the transponder reader system by encouraginguse of the fob product since the present systems do not sufficientlydistinguish between usage of a system transponder and a charge or creditcard account associated with the transponder.

Consequently, a need exists for a transponder-reader system which iscapable of determining when a system transponder is used, and providingan incentive for such usage.

Still further, present systems are limited in that the systems areunable to track credit or charge card usage and fob usage for a singlefunding source. For example, in typical prior art systems, a fob may belinked to a specified funding source (e.g., American Express,MasterCard, Visa, etc.) which may be used to provide funds forsatisfaction of a transaction request. The funding source mayadditionally have a consumer credit or charge card which may beassociated with the fob and which may be used for contact transactions.Where the credit or charge card is used, a statement reporting the cardusage is provided to the card user. However, the reporting statementdoes not include a reporting of the fob product usage. Thus, a fob useris unable to adequately chart, analyze or compare fob usage to the usageof the associated card. This is especially problematic where the fundingsource is used by more than one entity (e.g., spouses, multiple companypersonnel, etc.) or where one entity may use the fob and a separateentity may use the card associated with the fob.

Thus, a need exists for a transponder-reader payment system which wouldpermit reporting of the fob usage and the credit card usage in a singlefile.

SUMMARY OF THE INVENTION

Described herein is a system and method for using RFID technology toinitiate and complete financial transactions. The transponder-readerpayment system described herein may include a RFID reader operable toprovide a RF interrogation signal for powering a transponder system,receiving a transponder system RF signal, and providing transpondersystem account data relative to the transponder system RF signal. Thetransponder-reader payment system may include a RFID protocol/sequencecontroller in electrical communication with one or more interrogatorsfor providing an interrogation signal to a transponder, a RFIDauthentication circuit for authenticating the signal received from thetransponder, a serial or parallel interface for interfacing with a pointof interaction device, and an USB or serial interface for use inpersonalizing the RFID reader and/or the transponder. Thetransponder-reader payment system may further include a fob includingone or more transponders (e.g., modules) responsive to one or moreinterrogation signals and for providing an authentication signal forverifying that the transponder and/or the RFID reader are authorized tooperate within the transponder-reader payment system. In this way, thefob may be responsive to multiple interrogation signals provided atdifferent frequencies. Further, the fob may include a USB or serialinterface for use with a computer network or with the RFID reader.

The RFID system and method according to the present invention mayinclude a transponder which may be embodied in a fob, tag, card or anyother form factor (e.g., wristwatch, keychain, cell phone, etc.), whichmay be capable of being presented for interrogation. In that regard,although the transponder is described herein as embodied in a fob, theinvention is not so limited.

The system may further include a RFID reader configured to send astanding RFID recognition signal which may be transmitted from the RFIDreader via radio frequency (or electromagnetic) propagation. The fob maybe placed within proximity to the RFID reader such that the RFID signalmay interrogate the fob and initialize fob identification procedures.

In one exemplary embodiment, as a part of the identification process,the fob and the RFID reader may engage in mutual authentication. TheRFID reader may identify the fob as including an authorized systemtransponder for receiving encrypted information and storing theinformation on the fob memory. Similarly, the fob, upon interrogation bythe RFID reader, may identify the RFID reader as authorized to receivethe encrypted and stored information. Where the RFID reader and the fobsuccessfully mutually authenticate, the fob may transmit to the RFIDreader certain information identifying the transaction account oraccounts to which the fob is associated. The RFID reader may receive theinformation and forward the information to facilitate the completion ofa transaction. In one exemplary embodiment, the RFID reader may forwardthe information to a point of interaction device (e.g., POS or computerinterface) for transaction completion. The mutual authorization processdisclosed herein aids in ensuring fob transponder-reader payment systemsecurity.

In another exemplary embodiment, the fob according to the presentinvention, includes means for completing transactions via a computerinterface. The fob may be connected to the computer using a USB orserial interface fob account information may be transferred to thecomputer for use in completing a transaction via a network (e.g., theInternet).

In yet another exemplary embodiment of the present invention, a systemis provided which incents usage of the transponder-reader systemtransponder (e.g., fob). The system distinguishes between the usage of afob and the usage of a charge or credit card sharing the same fundingsource as the fob. Where the fob is used, the system may provideincentives to the user based on criteria predetermined by the fobissuer. Additionally, where a preloaded fob system is used, the presentinvention recognizes when the associated fob preloaded value data fileis loaded or reloaded with funds. The invention then may provide rewardpoints based on the criteria associated with the loading or reloadingaction. Further, the system according to this invention may incentpatronage of a merchant. In this case, the system may receive a fobtransaction request and incent the fob user based on a marker or otheridentifier correlated with the merchant. The marker may be included inthe transaction identification, in a merchant identification providedwith the transaction, or a combination of both.

In still another exemplary embodiment of the invention, a system isdisclosed which enables the fob user/owner to manage the accountassociated with the fob. The user is provided limited access to all or aportion of the fob account information stored on the account providerdatabase for updating, for example, demographic information, accountfunding source, and/or account restrictions (e.g., spending limits,personal identification number, etc.). Access to all or a portion of theaccount may be provided to the user telephonically, via a network (e.g.,online) or via offline communications. For example, the fob user may beprovided access to a system which has delayed communications with theaccount provider database wherein such a system may include, forexample, a kiosk which provides batch transmissions to the accountprovider system. In this way, the fob user/owner may update his accountinformation in real-time (e.g., telephonically or online) or at the timethe account provider receives the updated information (e.g., offline).

In a further exemplary embodiment, the present invention providesmethods for processing a transaction request whereby the amount of thetransaction request may be approved prior to requesting funding from thefunding source and/or verifying that the amount for completing thetransaction is available. In this way, the transaction may be approvedprovided the transaction and/or account meets certain predeterminedauthorization criteria. Once the criteria is met, the transaction isauthorized and authorization is provided to the requesting agent (e.g.,merchant). In one instance the payment for the transaction is requestedfrom the finding source simultaneously to, or immediately following, theproviding of the authorization to the merchant. In another instance, thepayment for transactions is requested at a time period later than whenthe authorization is provided to the merchant.

In yet another embodiment, the transponder, transponder-reader, and/ortransponder-reader system are configured with a biometric securitysystem. The biometric security system includes a transponder and areader communicating with the system. The biometric security system alsoincludes a biometric sensor that detects biometric samples and a devicefor verifying biometric samples.

These features and other advantages of the system and method, as well asthe structure and operation of various exemplary embodiments of thesystem and method, are described below.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, wherein like numerals depict like elements,illustrate exemplary embodiments of the present invention, and togetherwith the description, serve to explain the principles of the invention.In the drawings:

FIG. 1A illustrates an exemplary RFID-based system in accordance withthe present invention, wherein exemplary components used for fobtransaction completion are depicted;

FIG. 1B illustrates an exemplary personalization system in accordancewith the present invention;

FIG. 2 is a schematic illustration of an exemplary fob in accordancewith the present invention;

FIG. 3 is a schematic illustration of an exemplary RFID reader inaccordance with the present invention;

FIG. 4 is an exemplary flow diagram of an exemplary authenticationprocess in accordance with the present invention;

FIG. 5 is an exemplary flow diagram of an exemplary decision process fora protocol/sequence controller in accordance with the present invention;

FIGS. 6A-B are an exemplary flow diagram of a fob personalizationprocess in accordance with the present invention;

FIGS. 7A-B are an exemplary flow diagram of a RFID readerpersonalization process in accordance with the present invention;

FIG. 8 is a flow diagram of an exemplary payment/transaction process inaccordance with the present invention;

FIG. 9 is another schematic illustration of an exemplary fob inaccordance with the present invention;

FIG. 10 is a depiction of an exemplary preloaded fob payment/transactionprocess in accordance with the present invention;

FIGS. 11A-B are a depiction of an exemplary preloaded fob account reloadprocess in accordance with the present invention;

FIG. 12 is a depiction of an exemplary Direct Link payment/transactionprocess in accordance with the present invention;

FIG. 13 is a depiction of another exemplary payment/transaction processin accordance with the present invention;

FIG. 14 is a depiction of an exemplary biometrics process in accordancewith the present invention;

FIG. 15 is another schematic illustration of an exemplary fob inaccordance with the present invention; and

FIG. 16 another schematic illustration of an exemplary fob in accordancewith the present invention.

DETAILED DESCRIPTION

The present invention may be described herein in terms of functionalblock components, screen shots, optional selections and variousprocessing steps. Such functional blocks may be realized by any numberof hardware and/or software components configured to perform tospecified functions. For example, the present invention may employvarious integrated circuit components, (e.g., memory elements,processing elements, logic elements, look-up tables, and the like),which may carry out a variety of functions under the control of one ormore microprocessors or other control devices. Similarly, the softwareelements of the present invention may be implemented with anyprogramming or scripting language such as C, C++, Java, COBOL,assembler, PERL, extensible markup language (XML), JavaCard and MULTOSwith the various algorithms being implemented with any combination ofdata structures, objects, processes, routines or other programmingelements. Further, it should be noted that the present invention mayemploy any number of conventional techniques for data transmission,signaling, data processing, network control, and the like. For a basicintroduction on cryptography, review a text written by Bruce Schneierentitled “Applied Cryptography: Protocols, Algorithms, and Source Codein C,” published by John Wiley & Sons (second edition, 1996), hereinincorporated by reference.

In addition, many applications of the present invention could beformulated. The exemplary network disclosed herein may include anysystem for exchanging data or transacting business, such as theInternet, an intranet, an extranet, WAN, LAN, satellite communications,and/or the like. It is noted that the network may be implemented asother types of networks, such as an interactive television network(ITN).

Where required, the system user may interact with the system via anyinput device such as, a keypad, keyboard, mouse, kiosk, personal digitalassistant, handheld computer (e.g., Palm Pilot®, Blueberry®), cellularphone and/or the like). Similarly, the invention could be used inconjunction with any type of personal computer, network computer, workstation, minicomputer, mainframe, or the like running any operatingsystem such as any version of Windows, Windows NT, Windows 2000, Windows98, Windows 95, MacOS, OS/2, BeOS, Linux, UNIX, Solaris or the like.Moreover, although the invention may frequently be described as beingimplemented with TCP/IP communications protocol, it should be understoodthat the invention could also be implemented using SNA, IPX, Appletalk,IPte, NetBIOS, OSI or any number of communications protocols. Moreover,the system contemplates, the use, sale, or distribution of any goods,services or information over any network having similar functionalitydescribed herein.

FIG. 1A illustrates an exemplary RFID transaction system 100A inaccordance with the present invention, wherein exemplary components foruse in completing a fob transaction are depicted. In general, theoperation of system 100A may begin when a fob 102 is presented forpayment, and is interrogated by a RFID reader 104 or, alternatively,interface 134. Fob 102 and RFID reader 104 may then engage in mutualauthentication after which the transponder 114 may provide thetransponder identification and/or account identifier to RFID reader 104which may further provide the information to the merchant system 130 POSdevice 110.

System 100A may include fob 102 having a transponder 114 and RFID reader104 in RF communication with fob 102. Although the present invention isdescribed with respect to fob 102, the invention is not to be solimited. Indeed, system 100 may include any device having a transponderwhich is configured to communicate with RFID reader 104 via RF,communication. Typical devices may include, for example, a key ring,tag, card, cell phone, wristwatch or any such form capable of beingpresented for interrogation.

RFID reader 104 may be configured to communicate using a RFID internalantenna 106. Alternatively, RFID reader 104 may include an externalantenna 108 for communications with fob 102, where the external antennamay be made remote to RFID reader 104 using a suitable cable and/or datalink 120. RFID reader 104 may be further in communication with amerchant system 130 via a data link 122. System 100A may include atransaction completion system including a point of interaction devicesuch as, for example, a merchant point of sale (POS) device 110 or acomputer interface (e.g., user interface) 134. In one exemplaryembodiment the transaction completion system may include a merchantsystem 130 including POS device 110 in communication with RFID reader104 (via data link 122). As described more fully below, the transactioncompletion system may include user interface 134 connected to a network136 and to the transponder via a USB connector 132.

Although the point of interaction device is described herein withrespect to a merchant point of sale (POS) device, the invention is notto be so limited. Indeed, a merchant POS device is used herein by way ofexample, and the point of interaction device may be any device capableof receiving fob account data. In this regard, the POS may be any pointof interaction device enabling the user to complete a transaction usingfob 102. POS device 110 may be in further communication with a customerinterface 118 (via data link 128) for entering at least a customeridentity verification information. In addition, POS device 110 may be incommunication with a merchant host network 112 (via data link 124) forprocessing any transaction request. In this arrangement, informationprovided by RFID reader 104 is provided to POS device 110 of merchantsystem 130 via data link 122. POS device 110 may receive the information(and alternatively may receive any identity verifying information fromcustomer interface 118 via data link 128) and provide the information tohost system 112 for processing.

A variety of conventional communications media and protocols may be usedfor data links 120, 122, 124, and 128. For example, data links 120, 122,124, and 128 may be an Internet Service Provider (ISP) configured tofacilitate communications over a local loop as is typically used inconnection with standard modem communication, cable modem, dishnetworks, ISDN, Digital Subscriber Lines (DSL), or any wirelesscommunication media. In addition, merchant system 130 including POSdevice 110 and host network 112 may reside on a local area network whichinterfaces to a remote network (not shown) for remote authorization ofan intended transaction. Merchant system 130 may communicate with theremote network via a leased line, such as a T1, D3 line, or the like.Such communications lines are described in a variety of texts, such as,“Understanding Data Communications,” by Gilbert Held, which isincorporated herein by reference.

An account number, as used herein, may include any identifier for anaccount (e.g., credit, charge debit, checking, savings, reward, loyalty,or the like) which may be maintained by a transaction account provider(e.g., payment authorization center) and which may be used to complete afinancial transaction. A typical account number (e.g., account data) maybe correlated to a credit or debit account, loyalty account, or rewardsaccount maintained and serviced by such entities as American Express®,Visa® and/or MasterCard® or the like. For ease in understanding, thepresent invention may be described with respect to a credit account.However, it should be noted that the invention is not so limited andother accounts permitting an exchange of goods and services for anaccount data value is contemplated to be within the scope of the presentinvention.

In addition, the account number (e.g., account data) may be associatedwith any device, code, or other identifier/indicia suitably configuredto allow the consumer to interact or communicate with the system, suchas, for example, authorization/access code, personal identificationnumber (PIN), Internet code, digital certificate, biometric data, and/orother identification indicia. The account number may be optionallylocated on a rewards card, charge card, credit card, debit card, prepaidcard, telephone card, smart card, magnetic stripe card, bar code card,and/or the like. The account number may be distributed and stored in anyform of plastic, electronic, magnetic, and/or optical device capable oftransmitting or downloading data to a second device. A customer accountnumber may be, for example, a sixteen-digit credit card number, althougheach credit provider has its own numbering system, such as thefifteen-digit numbering system used by American Express®. Each company'scredit card numbers comply with that company's standardized format suchthat the company using a sixteen-digit format will generally use fourspaced sets of numbers, as represented by the number “0000 0000 00000000”. In a typical example, the first five to seven digits are reservedfor processing purposes and identify the issuing bank, card type and,etc. In this example, the last sixteenth digit is used as a sum checkfor the sixteen-digit number. The intermediary eight-to-ten digits areused to uniquely identify the customer. The account number stored asTrack 1 and Track 2 data as defined in ISO/IEC 7813, and further may bemade unique to fob 102. In one exemplary embodiment, the account numbermay include a unique fob serial number and user identification number,as well as specific application applets. The account number may bestored in fob 102 inside a database 214, as described more fully below.Database 214 may be configured to store multiple account numbers issuedto fob 102 user by the same or different account providing institutions.Where the account data corresponds to a loyalty or rewards account,database 214 may be configured to store the attendant loyalty or rewardspoints data.

FIG. 2 illustrates a block diagram of the many functional blocks of anexemplary fob 102 in accordance with the present invention. Fob 102 maybe a RFID fob 102 which may be presented by the user to facilitate anexchange of funds or points, etc., for receipt of goods or services. Asdescribed herein, by way of example, fob 102 may be a RFID fob which maybe presented for facilitating payment for goods and/or services.

Fob 102 may include an antenna 202 for receiving an interrogation signalfrom RFID reader 104 via antenna 106 (or alternatively, via externalantenna 108). Fob antenna 202 may be in communication with a transponder114. In one exemplary embodiment, transponder 114 may be a 13.56 MHztransponder compliant with the ISO/IEC 14443 standard, and antenna 202may be of the 13 MHz variety. Transponder 114 may be in communicationwith a transponder compatible modulator/demodulator 206 configured toreceive the signal from transponder 114 and configured to modulate thesignal into a format readable by any later connected circuitry. Further,modulator/demodulator 206 may be configured to format (e.g., demodulate)a signal received from the later connected circuitry in a formatcompatible with transponder 114 for transmitting to RFID reader 104 viaantenna 202. For example, where transponder 114 is of the 13.56 MHzvariety, modulator/demodulator 206 may be ISO/IEC 14443-2 compliant.

Modulator/demodulator 206 may be coupled to a protocol/sequencecontroller 208 for facilitating control of the authentication of thesignal provided by RFID reader 104, and for facilitating control of thesending of fob 102 account number. In this regard, protocol/sequencecontroller 208 may be any suitable digital or logic driven circuitrycapable of facilitating determination of the sequence of operation forfob 102 inner-circuitry. For example, protocol/sequence controller 208may be configured to determine whether the signal provided by RFIDreader 104 is authenticated, and thereby providing to RFID reader 104the account number stored on fob 102.

Protocol/sequence controller 208 may be further in communication withauthentication circuitry 210 for facilitating authentication of thesignal provided by RFID reader 104. Authentication circuitry may befurther in communication with a non-volatile secure memory database 212.Secure memory database 212 may be any suitable elementary file systemsuch as that defined by ISO/IEC 7816-4 or any other elementary filesystem allowing a lookup of data to be interpreted by the application onthe chip. Database 212 may be any type of database, such as relational,hierarchical, object-oriented, and/or the like. Common database productsthat may be used to implement the databases include DB2 by IBM (WhitePlains, N.Y.), any of the database products available from OracleCorporation (Redwood Shores, Calif.), Microsoft Access or MSSQL byMicrosoft Corporation (Redmond, Wash.), or any other database product.Database 212 may be organized in any suitable manner, including as datatables or lookup tables. Association of certain data may be accomplishedthrough any data association technique known and practiced in the art.For example, the association may be accomplished either manually orautomatically. Automatic association techniques may include, forexample, a database search, a database merge, GREP, AGREP, SQL, and/orthe like. The association step may be accomplished by a database mergefunction, for example, using a “key field” in each of the manufacturerand retailer data tables. A “key field” partitions the databaseaccording to the high-level class of objects defined by the key field.For example, a certain class may be designated as a key field in boththe first data table and the second data table, and the two data tablesmay then be merged on the basis of the class data in the key field. Inthis embodiment, the data corresponding to the key field in each of themerged data tables is preferably the same. However, data tables havingsimilar, though not identical, data in the key fields may also be mergedby using AGREP, for example.

The data may be used by protocol/sequence controller 208 for dataanalysis and used for management and control purposes, as well assecurity purposes. Authentication circuitry may authenticate the signalprovided by RFID reader 104 by association of the RFID signal toauthentication keys stored on database 212. Encryption circuitry may usekeys stored on database 212 to perform encryption and/or decryption ofsignals sent to or from RFID reader 104.

In addition, protocol/sequence controller 208 may be in communicationwith a database 214 for storing at least fob 102 account data, and aunique fob 102 identification code. Protocol/sequence controller 208 maybe configured to retrieve the account number from database 214 asdesired. Database 214 may be of the same configuration as database 212described above. The fob account data and/or unique fob identificationcode stored on database 214 may be encrypted prior to storage. Thus,where protocol/sequence controller 208 retrieves the account data, andor unique fob identification code from database 214, the account numbermay be encrypted when being provided to RFID reader 104. Further, thedata stored on database 214 may include, for example, an unencryptedunique fob 102 identification code, a user identification, Track 1 and 2data, as well as specific application applets.

Fob 102 may be configured to respond to multiple interrogation frequencytransmissions provided by RFID reader 104. That is, as described morefully below, RFID reader 104 may provide more than one RF interrogationsignal. In this case, fob 102 may be configured to respond to themultiple frequencies by including in fob 102 one or more additional RFsignal receiving/transmitting units 226. RF signalreceiving/transmitting unit 226 may include an antenna 218 andtransponder 220 where antenna 218 and transponder 220 are compatiblewith at least one of the additional RF signals provided by RFID reader104. For example, in one exemplary embodiment, fob 102 may include a 134KHz antenna 218 configured to communicate with a 134 KHz transponder220. In this exemplary configuration, an ISO/IEC 14443-2 compliantmodulator/demodulator may not be required. Instead, the 134 KHztransponder may be configured to communicate directly withprotocol/sequence controller 208 for transmission and receipt ofauthentication and account number signals as described above.

In another embodiment, fob 102 may further include a universal serialbus (USB) connector 132 for interfacing fob 102 to a user interface 134.User interface 134 may be further in communication with POS device 110via network 136. Network 136 may be the Internet, an intranet, or thelike as is described above with respect to network 112. Further, userinterface 134 may be similar in construction to any conventional inputdevices and/or computing systems aforementioned for permitting thesystem user to interact with the system. In one exemplary embodiment,fob 102 may be configured to facilitate online Internet payments. A USBconverter 222 may be in communication with a USB connector 232 forfacilitating the transfer of information between themodulator/demodulator 206 and USB connector 132. Alternatively, USBconverter 222 may be in communication with protocol/sequence controller208 to facilitate the transfer of information between protocol/sequencecontroller 208 and USB connector 132.

Where fob 102 includes a USB connector 132, fob 102 may be incommunication with, for example, a USB port on user interface 134. Theinformation retrieved from fob 102 may be compatible with credit cardand/or smart card technology enabling usage of interactive applicationson the Internet. No RFID reader may be required in this embodiment sincethe connection to POS device 110 may be made using a USB port on userinterface 134 and network 136.

Fob 102 may include means for enabling activation of the fob by theuser. In one exemplary embodiment, a switch 230 which may be operated bythe user of fob 102. Switch 230 on fob 102 may be used to selectively orinclusively activate fob 102 for particular uses. In this context, theterm “selectively” may mean that switch 230 enables the user to placefob 102 in a particular operational mode. For example, the user mayplace fob 102 in a mode for enabling purchase of a good or of a serviceusing a selected account number. Alternatively, the fob may be placed ina mode as such that the fob account number is provided by USB port 132(or serial port) only and the fob transponder 114 is disabled. Inaddition, the term “inclusively” may mean that fob 102 is placed in anoperational mode permitting fob 102 to be responsive to the RFinterrogation and interrogation via USB connector 132. In one particularembodiment, switch 230 may remain in an OFF position ensuring that oneor more applications or accounts associated with fob 102 arenon-reactive to any commands issued by RFID reader 104. As used herein,the OFF position may be termed the “normal” position of activationswitch 230, although other normal positions are contemplated.

In another exemplary embodiment, when switch 230 is moved from the OFFposition, fob 102 may be deemed activated by the user. That is, switch230 may activate internal circuitry in fob 102 for permitting the fob tobe responsive to RF signals (e.g., commands from RFID reader 104). Inthis way, switch 230 may facilitate control of the active and inactivestates of fob 102. Such control increases the system security bypreventing inadvertent or illegal use of fob 102.

In one exemplary embodiment, switch 230 may be a simple mechanicaldevice in communication with circuitry which may electrically preventthe fob from being powered by a RFID reader. That is, when switch 230 isin its normal position, switch 230 may provide a short to fob 102internal circuitry, preventing fob 102 from being responsive tointerrogation by RF or via the USB connector 230. In this arrangement,switch 230 may be, for example, a “normally closed” (NC) configuredswitch, which may be electrically connected to the antenna 202 at theinterface of the antenna 202 and transponder 114. Switch 230 may bedepressed, which may open switch 230 fully activating the antenna 202.

In yet another exemplary embodiment, fob 102 may include a biometricsensor and biometric membrane configured to operate as switch 230 andactivate fob 102 when provided biometric signal from fob 102 user. Suchbiometric signal may be the digital reading of a fingerprint,thumbprint, or the like. Typically, where biometric circuitry is used,the biometric circuitry may be powered by an internal voltage source(e.g., battery). In this case, the switch may not be a simple mechanicaldevice, but a switch which is powered. In yet another exemplaryembodiment, switch 230 may be battery powered though no biometriccircuitry is present in fob 102.

In yet another embodiment, switch 230 may be a logic switch. Whereswitch 230 is a logic switch, switch 230 control software may be readfrom the sequence controller 208 to selectively control the activationof the various fob 102 components.

FIG. 3 illustrates an exemplary block diagram of RFID reader 104 inaccordance with an exemplary embodiment of the present invention. RFIDreader 104 includes, for example, an antenna 106 coupled to a RF module302, which is further coupled to a control module 304. In addition, RFIDreader 104 may include an antenna 108 positioned remotely from RFIDreader 104 and coupled to RFID reader 104 via a suitable cable 120, orother wire or wireless connection.

RF module 302 and antenna 106 may be suitably configured to facilitatecommunication with fob 102. Where fob 102 is formatted to receive asignal at a particular RF frequency, RF module 302 may be configured toprovide an interrogation signal at that same frequency. For example, inone exemplary embodiment, fob 102 may be configured to respond to aninterrogation signal of about 13.56 MHz. In this case, RFID antenna 106may be 13 MHz and may be configured to transmit an interrogation signalof about 13.56 MHz. That is, fob 102 may be configured to include afirst and second RF module (e.g., transponder) where the first modulemay operate using a 134 kHz frequency and the second RF module mayoperate using a 13.56 MHz frequency. RFID reader 104 may include tworeceivers which may operate using the 134 kHz frequency, the 13.56 MHzfrequency or both. When the reader 104 is operating at 134 kHzfrequency, only operation with the 134 kHz module on fob 102 may bepossible. When the reader 104 is operating at the 13.56 MHz frequency,only operation with the 13.56 MHz module on fob 102 may be possible.Where the reader 104 supports both a 134 kHz frequency and a 13.56 MHzRF module, fob 102 may receive both signals from the reader 104. In thiscase, fob 102 may be configured to prioritize selection of the one orthe other frequency and reject the remaining frequency. Alternatively,the reader 104 may receive signals at both frequencies from the fob uponinterrogation. In this case, the reader 104 may be configured toprioritize selection of one or the other frequency and reject theremaining frequency.

Further, protocol/sequence controller 314 may include an optionalfeedback function for notifying the user of the status of a particulartransaction. For example, the optional feedback may be in the form of anLED, LED screen and/or other visual display which is configured to lightup or display a static, scrolling, flashing and/or other message and/orsignal to inform fob 102 user that the transaction is initiated (e.g.,fob is being interrogated), the fob is valid (e.g., fob isauthenticated), transaction is being processed, (e.g., fob accountnumber is being read by RFID reader) and/or the transaction is acceptedor denied (e.g., transaction approved or disapproved). Such an optionalfeedback may or may not be accompanied by an audible indicator (or maypresent the audible indicator singly) for informing fob 102 user of thetransaction status. The audible feedback may be a simple tone, multipletones, musical indicator, and/or voice indicator configured to signifywhen the fob 102 is being interrogated, the transaction status, or thelike.

RFID antenna 106 may be in communication with a transponder 306 fortransmitting an interrogation signal and receiving at least one of anauthentication request signal and/or an account data from fob 102.Transponder 306 may be of similar description as transponder 114 of FIG.2. In particular, transponder 306 may be configured to send and/orreceive RF signals in a format compatible with antenna 202 in similarmanner as was described with respect to fob transponder 114. Forexample, where transponder 306 is 13.56 MHz RF rated antenna 202 may be13.56 MHz compatible. Similarly, where transponder 306 is ISO/IEC 14443rated, antenna 106 may be ISO/IEC 14443 compatible.

RF module 302 may include, for example, transponder 306 in communicationwith authentication circuitry 308 which may be in communication with asecure database 310. Authentication circuitry 308 and database 310 maybe of similar description and operation as described with respect toauthentication circuitry 210 and secure memory database 212 of FIG. 2.For example, database 310 may store data corresponding to fob 102 whichare authorized to transact business over system 100. Database 310 mayadditionally store RFID reader 104 identifying information for providingto fob 102 for use in authenticating whether RFID reader 104 isauthorized to be provided the fob account number stored on fob database214.

Authentication circuitry 308 may be of similar description and operationas authentication circuitry 210. That is, authentication circuitry 308may be configured to authenticate the signal provided by fob 102 insimilar manner that authentication circuitry 210 may be configured toauthenticate the signal provided by RFID reader 104. As is describedmore fully below, fob 102 and RFID reader 104 engage in mutualauthentication. In this context, “mutual authentication” may mean thatoperation of the system 100 may not take place until fob 102authenticates the signal from RFID reader 104, and RFID reader 104authenticates the signal from fob 102.

FIG. 4 is a flowchart of an exemplary authentication process inaccordance with the present invention. The authentication process isdepicted as one-sided. That is, the flowchart depicts the process ofRFID reader 104 authenticating fob 102, although similar steps may befollowed in the instance that fob 102 authenticates RFID reader 104.

As noted, database 212 may store security keys for encrypting ordecrypting signals received from RFID reader 104. In an exemplaryauthentication process, where RFID reader 104 is authenticating fob 102,RFID reader 104 may provide an interrogation signal to fob 102 (step402). The interrogation signal may include a random code generated bythe RFID reader authentication circuit 210, which is provided to fob 102and which is encrypted using an unique encryption key corresponding tofob 102 unique identification code. For example, protocol/sequencecontroller 314 may provide a command to activate the authenticationcircuitry 308. Authentication circuitry 308 may provide from database310 a fob interrogation signal including a random number as a part ofthe authentication code generated for each authentication signal. Theauthentication code may be an alphanumeric code which is recognizable(e.g., readable) by RFID reader 104 and fob 102. The authentication codemay be provided to fob 102 via the RFID RF interface 306 and antenna 106(or alternatively antenna 108).

Fob 102 receives the interrogation signal (step 404). The interrogationsignal including the authorization code may be received at the RFinterface 114 via antenna 202. Once fob 102 is activated, theinterrogation signal including the authorization code may be provided tothe modulator/demodulator circuit 206 where the signal may bedemodulated prior to providing the signal to protocol/sequencecontroller 208. Protocol/sequence controller 208 may recognize theinterrogation signal as a request for authentication of fob 102, andprovide the authentication code to authentication circuit 210. Fob 102may then encrypt the authentication code (step 406). In particular,encryption may be done by authentication circuit 210, which may receivethe authentication code and encrypt the code prior to providing theencrypted authentication code to protocol/sequence controller 208. Fob102 may then provide the encrypted authentication code to RFID reader104 (step 408). That is, the encrypted authentication code may beprovided to RFID reader 104 via modulator/demodulator circuit 206, RFinterface 114 (e.g., transponder 114) and antenna 202.

RFID reader 104 may then receive the encrypted authentication code anddecrypt it (step 410). That is, the encrypted authentication code may bereceived at antenna 106 and RF interface 306 and may be provided toauthentication circuit 308. Authentication circuit 308 may be provided asecurity authentication key (e.g., transponder system decryption key)from database 310. The authentication circuit may use the authenticationkey to decrypt (e.g., unlock) the encrypted authorization code. Theauthentication key may be provided to the authentication circuit basedon fob 102 unique identification code. For example, the encryptedauthentication code may be provided along with the unique fob 102identification code. The authentication circuit may receive fob 102unique identification code and retrieve from the database 310 atransponder system decryption key correlative to the unique fob 102identification code for use in decrypting the encrypted authenticationcode.

Once the authentication code is decrypted, the decrypted authenticationcode is compared to the authentication code provided by RFID reader 104at step 402 (step 412) to verify its authenticity. If the decryptedauthorization code is not readable (e.g., recognizable) by theauthentication circuit 308, fob 102 is deemed to be unauthorized (e.g.,unverified) (step 418) and the operation of system 100 is terminated(step 420). Contrarily, if the decrypted authorization code isrecognizable (e.g., verified) by fob 102, the decrypted authorizationcode is deemed to be authenticated (step 414), and the transaction isallowed to proceed (step 416). In one particular embodiment, theproceeding transaction may mean that fob 102 may authenticate RFIDreader 104 prior to RFID reader 104 authenticating fob 102, although, itshould be apparent that RFID reader 104 may authenticate fob 102 priorto fob 102 authenticating RFID reader 104.

It should be noted that in an exemplary verification process, theauthorization circuit 308 may determine whether the unlockedauthorization code is identical to the authorization code provided instep 402. If the codes are not identical then fob 102 is not authorizedto access system 100. Although, the verification process is describedwith respect to identicality, identicality is not required. For example,authentication circuit 308 may verify the decrypted code through anyprotocol, steps, or process for determining whether the decrypted codecorresponds to an authorized fob 102.

Authentication circuitry 308 may additionally be in communication with aprotocol/sequence controller 314 of similar operation and description asprotocol/sequence controller 208 of FIG. 2. That is, protocol/sequencedevice controller 314 may be configured to determine the order ofoperation of RFID reader 104 components. For example, FIG. 5 illustratesand exemplary decision process under which protocol/sequence controller314 may operate. Protocol/sequence controller 314 may command thedifferent components of RFID reader 104 based on whether fob 102 ispresent (step 502). For example, if fob 102 is not present, thenprotocol/sequence controller 314 may command RFID reader 104 to providean uninterrupted interrogation signal (step 504). That is, theprotocol/sequence controller may command the authentication circuit 308to provide an uninterrupted interrogation signal until the presence offob 102 is realized. If fob 102 is present, protocol/sequence controller314 may command RFID reader 104 to authenticate fob 102 (step 506).

As noted above, authentication may mean that protocol/sequencecontroller 314 may command the authentication circuit 308 to provide fob102 with an authorization code. If a response is received from fob 102,protocol/sequence controller may determine if the response is a responseto RFID reader 104 provided authentication code, or if the response is asignal requiring authentication (step 508). If the signal requiresauthentication, then protocol/sequence controller 314 may activate theauthentication circuit as described above (step 506). On the other hand,if fob 102 signal is a response to the provided authentication code,then protocol/sequence controller 314 may command RFID reader 104 toretrieve the appropriate security key for enabling recognition of thesignal (step 510). That is, protocol/sequence controller 314 may commandthe authentication circuit 308 to retrieve from database 310 a securitykey (e.g., transponder system decryption key), unlock the signal, andcompare the signal to the signal provided by RFID reader 104 in theauthentication process (e.g., step 506). If the signal is recognized,protocol/sequence controller 314 may determine that fob 102 isauthorized to access the system 100. If the signal is not recognized,then fob 102 is considered not authorized. In which case,protocol/sequence controller 314 may command the RFID controller tointerrogate for authorized fobs (step 504).

Once the protocol/sequence controller determines that fob 102 isauthorized, protocol/sequence controller 314 may seek to determine ifadditional signals are being sent by fob 102 (step 514). If noadditional signal is provided by fob 102, then protocol/sequencecontroller 314 may provide all the components of RFID reader 104 toremain idle until such time as a signal is provided (step 516).Contrarily, where an additional fob 102 signal is provided,protocol/sequence controller 314 may determine if fob 102 is requestingaccess to the merchant point of sale terminal 110 (e.g., POS device) orif fob 102 is attempting to interrogate RFID reader 104 for return(e.g., mutual) authorization (step 518). Where fob 102 is requestingaccess to a merchant point of sale terminal 110, protocol/sequencecontroller 314 may command RFID reader 104 to open communications withpoint of sale terminal 110 (step 524). In particular, protocol/sequencecontroller 314 may command the point of sale terminal communicationsinterface 312 to become active, permitting transfer of data between RFIDreader 104 and the merchant point of sale terminal 110.

On the other hand, if the protocol/sequence controller determines thatfob 102 signal is a mutual interrogation signal, then theprotocol/sequence controller may command RFID reader 104 to encrypt thesignal (step 520). Protocol/sequence controller 314 may command theencryption authentication circuit 318 to retrieve from database 320 theappropriate encryption key in response to fob 102 mutual interrogationsignal. Protocol/sequence controller 314 may then command RFID reader104 to provide the encrypted mutual interrogation signal to fob 102.Protocol/sequence controller 314 may command the authentication circuit318 to provide an encrypted mutual interrogation signal for fob 102 tomutually authenticate. Fob 102 may then receive the encrypted mutualinterrogation signal and retrieve from authentication circuitry 212 aRFID reader decryption key.

Although an exemplary decision process of protocol/sequence controller314 is described, it should be understood that a similar decisionprocess may be undertaken by protocol/sequence controller 208 incontrolling the components of fob 102. Indeed, as described above,protocol/sequence controller 314 may have similar operation and designas protocol/sequence controller 208. In addition, to the above,protocol/sequence controllers 208 and 314 may incorporate in thedecision process appropriate commands for enabling USB interfaces 222and 316, when the corresponding device is so connected.

Encryption/decryption component 318 may be further in communication witha secure account number database 320 which stores the security keysnecessary for decrypting the encrypted fob account number. Uponappropriate request from protocol/sequence controller 314,encryption/decryption component (e.g., circuitry 318) may retrieve theappropriate security key, decrypt the fob account number and forward thedecrypted account number to protocol sequence controller 314 in anyformat readable by any later connected POS device 110. In one exemplaryembodiment, the account number may be forwarded in a conventionalmagnetic stripe format compatible with the ISO/IEC 7813 standard. Thatis, in accordance with the invention, there is no need to translate orcorrelate the account number to traditional magnetic stripe format as isdone with the prior art. The invention processes the transaction requestdirectly, as if the card associated with the account has been presentedfor payment.

Upon receiving the account number in magnetic stripe format,protocol/sequence controller 314 may forward the account number to POSdevice 110 via a communications interface 312 and data link 122, as bestshown in FIG. 1. POS device 110 may receive the decrypted account numberand forward the magnetic stripe formatted account number to a merchantnetwork 112 for processing under the merchant's business as usualstandard. In this way, the present invention eliminates the need of athird-party server. Further, where POS device 110 receives a responsefrom network 112 (e.g., transaction authorized or denied),protocol/sequence controller 314 may provide the network response to theRF module 302 for optically and/or audibly communicating the response tofob 102 user.

RFID reader 104 may additionally include a USB interface 316, incommunication with the protocol/sequence controller 314. In oneembodiment, the USB interface may be a RS22 serial data interface.Alternatively, RFID reader 104 may include a serial interface such as,for example, a RS232 interface in communication with theprotocol/sequence controller 314. The USB connector 316 may be incommunication with a personalization system 116 (shown in FIG. 1B) forinitializing RFID reader 104 to system 100 application parameters. Thatis, prior to operation of system 100, RFID reader 104 may be incommunication with personalization system 116 for populating database310 with a listing of security keys belonging to authorized fobs 102,and for populating database 320 with the security keys to decrypt fob102 account numbers placing the account numbers in ISO/IEC 7813 format.In this way, RFID reader 104 may be populated with a unique identifier(e.g., serial number) which may be used by fob authentication circuitry210 to determine if RFID reader 104 is authorized to receive fob 102encrypted account number.

FIG. 1B illustrates an exemplary personalization system 100B, inaccordance with the present invention. In general, typicalpersonalization system 100B may be any system for initializing RFIDreader 104 and fob 102 for use in system 100A. With reference to FIG.1B, the similar personalization process for fob 102 may be illustrated.For example, personalization system 116 may be in communication with fob102 via RF ISO 14443 interface 114 for populating fob database 212 withthe security keys for facilitating authentication of the unique RFIDreader 104 identifier. In addition, personalization system 116 maypopulate on database 212 a unique fob 102 identifier for use by RFIDreader 104 in determining whether fob 102 is authorized to access system100. Personalization system 116 may populate (e.g., inject) theencrypted fob 102 account number into fob database 214 for laterproviding to an authenticated RFID reader 104.

In one exemplary embodiment, personalization system 116 may include anystandard computing system as described above. For example,personalization system 116 may include a standard personal computercontaining a hardware security module operable using any conventionalgraphic user interface. Prior to populating the security key informationaccount number and unique identifying information into fob 102 or RFIDreader 104, the hardware security module may authenticate fob 102 andRFID reader 104 to verify that the components are authorized to receivethe secure information.

FIGS. 6A-B illustrate an exemplary flowchart of a personalizationprocedure which may be used to personalize fob 102 and/or RFID reader104. Although the following description discusses mainly personalizationof fob 102, RFID reader 104 may be personalized using a similar process.The personalization process, which occurs between the personalizationsystem 116 and the device to be personalized (e.g., fob 102 or RFIDreader 104), may begin, for example at step 602. Mutual authenticationmay occur between the personalization system 116 and the device to beauthenticated in much the same manner as was described above with regardto fob 102 mutually authenticating with RFID reader 104. That is,personalization system 116 may transmit a personalization system 116identifier to the device to be authenticated which is compared by thedevice authentication circuitry 210, 308 against personalization systemidentifiers stored in the device database 212, 310. Where a match doesnot occur (step 604), the personalization process may be aborted (step612). Where a match occurs (step 604), the personalization system mayprepare a personalization file to be provided to the device to bepersonalized (step 606). If the personalization system is operatedmanually, the personalization file may be entered into thepersonalization system 116 using any suitable system interface such as,for example, a keyboard (step 606). Where the personalization system 116operator elects to delay the preparation of the personalization files,the system 116 may abort the personalization process (step 610). In thiscontext, the personalization file may include the unique fob 102 or RFIDreader 104 identifier, security key for loading into database 212 and310, and/or security keys for decrypting a fob account number which maybe loaded in database 320.

Fob 102 may be personalized by direct connection to the personalizationsystem 116 via RF ISO/IEC 14443 interface 114, or fob 102 may bepersonalized using RFID reader 104. Personalization system 116 and RFIDreader 104 may engage in mutual authentication and RFID reader 104 maybe configured to transmit the fob personalization file to fob 102 viaRF. Once fob 102 is presented to RFID reader 104 (steps 608, 614) forpersonalization, fob 102 and RFID reader 104 may engage in mutualauthentication (step 614). Where fob 102 is not presented to RFID reader104 for personalization, the personalization process may be aborted(step 610).

If fob 102 is detected, the personalization system 116 may create as apart of the personalization file, a unique identifier for providing tofob 102 (step 616). The identifier is unique in that one identifier maybe given only to a single fob. That is, no other fob may have that sameidentifier. The fob may then be configured and loaded with thatidentifier (step 618).

The encrypted fob 102 account number may be populated into fob 102 inthe same manner as is described with respect to fob 102 uniqueidentifier. That is, personalization system 116 may pre-encrypt theaccount data (step 620) and inject the encrypted account into fobdatabase 214 (step 622). The encrypted account data may be loaded (e.g.,injected) into fob 102 using RFID reader 104 as discussed above.

Once the personalization file is populated into fob 102, the populatedinformation is irreversibly locked to prevent alteration, unauthorizedreading and/or unauthorized access (step 624). Personalization system116 may then create a log of the personalization file information forlater access and analysis by the personalization system 116 user (step626).

It should be noted that in the event the personalization process iscompromised or interrupted (step 628), personalization system 116 maysend a security alert to the user (step 630) and the personalizationprocess may be aborted (step 612). On the other hand, where no suchcompromising or interruption exists, personalization system 116 may beprepared to begin initialization on a second device to be personalized(step 632).

FIGS. 7A-B illustrate another exemplary embodiment of a personalizationprocess which may be used to personalize RFID reader 104. RFID reader104 may be in communication with a personalization system 116 via RFIDreader USB connection 316 (step 702). Once connected, personalizationsystem 116 may establish communications with RFID reader 104 and RFIDreader 104 may provide personalization system 116 any RFID reader 104identification data presently stored on RFID reader 104 (step 704). Inaccordance with step 708, where RFID reader 104 is being personalizedfor the first time (step 706) RFID reader 104 and personalization system116 may engage in mutual authentication as described above with respectto FIGS. 6A-B. After the mutual authentication is complete,personalization system 116 may verify that RFID reader 104 is properlymanufactured or configured to operate within system 100. Theverification may include evaluating the operation of RFID reader 104 bydetermining if the RFID reader will accept predetermined defaultsettings. That is, personalization system 116 may then provide RFIDreader 104 a set of default settings (step 708) and determine if RFIDreader 104 accepts those settings (step 712). If RFID reader 104 doesnot accept the default settings, personalization system 116 may abortthe personalization process (step 714).

If personalization system 116 determines that the personalizationprocess is not the first personalization process undertaken by RFIDreader 104 (step 706), personalization system 116 and RFID reader 104may engage in a mutual authentication process using the existingsecurity keys already stored on RFID reader 104 (step 710). Ifauthentication is unsuccessful (step 712), personalization system 116may abort the personalization process (step 714).

Where personalization system 116 and RFID reader 104 successfullymutually authenticate, personalization system 116 may update RFID reader104 security keys (step 716). Updating the security keys may take placeat any time as determined by a system 100 manager. The updating may takeplace as part of a routine maintenance or merely to install currentsecurity key data. The updating may be performed by downloading firmwareinto RFID reader 104 (step 718). In the event that personalizationsystem 116 determines in step 706 that RFID reader 104 is undergoing aninitial personalization, the firmware may be loaded into RFID reader 104for the first time. In this context, “firmware” may include any filewhich enables the RFID reader 102 to operate under system 100guidelines. For example, such guidelines may be directed toward theoperation of RFID reader protocol/sequence controller 314.

Personalization system 116 may then determine if the personalizationkeys (e.g., security keys, decryption keys, RFID identifier) need to beupdated or if RFID reader 104 needs to have an initial installation ofthe personalization keys (step 720). If so, then personalization system116 may download the personalization keys as appropriate (step 722).

Personalization system 116 may then check RFID reader 104 to determineif fob 102 identifiers and corresponding security keys should be updatedor initially loaded (step 724). If no updating is necessarypersonalization system 116 may end the personalization procedure (step732). Contrarily, if personalization system 116 determines that fob 102identifiers and corresponding keys need to be updated or installed,personalization system 116 may download the information onto RFID reader104 (step 726). The information (e.g., fob security keys andidentifiers) may be downloaded in an encrypted format and RFID reader104 may store the information in the RFID reader database 310 asappropriate (step 728). Personalization system 116 may then create orupdate a status log cataloging for later use and analysis bypersonalization system 116 user (step 730). Upon updating the statuslog, the personalization process may be terminated (step 732).

It should be noted that, in some instances it may be necessary torepersonalize the RFID reader in similar manner as described above. Inthat instance, the personalization process described in FIGS. 7A and 7Bmay be repeated.

FIG. 8 illustrates an exemplary flow diagram for the operation of system100A. The operation may be understood with reference to FIG. 1A, whichdepicts the elements of system 100A which may be used in an exemplarytransaction. The process is initiated when a customer desires to presentfob 102 for payment (step 802). Upon presentation of fob 102, themerchant initiates the RF payment procedure via an RFID reader 104 (step804). In particular, the RFID reader sends out an interrogation signalto scan for the presence of fob 102 (step 806). The RF signal may beprovided via the RFID reader antenna 106 or optionally via externalantenna 108. The customer then may present fob 102 for payment (step808) and fob 102 is activated by the RF interrogation signal provided.

Fob 102 and RFID reader 104 may then engage in mutual authentication(step 810). Where the mutual authentication is unsuccessful, an errormessage may be provided to the customer via the RFID optical and/oraudible indicator (step 814) and the transaction may be aborted (step816). Where the mutual authentication is successful (step 812), RFIDreader 104 may provide the customer with an appropriate optical and/oraudible message (e.g., “transaction processing” or “wait”) (step 818).The fob protocol/sequence controller 208 may then retrieve from database214 an encrypted fob account number and provide the encrypted accountnumber to RFID reader 104 (step 820).

RFID reader 104 may then decrypt the account number and convert theaccount number into magnetic stripe (ISO/IEC 7813) format (step 822) andprovide the unencrypted account number to merchant system 130 (step828). In particular, the account number may be provided to POS 110device for transmission to merchant network 112 for processing.Exemplary processing methods according to the present invention arediscussed with respect to FIGS. 10-13, shown below. Upon processing, POSdevice 110 may then send an optical and/or audible transaction statusmessage to RFID reader 104 (step 830) for communication to the customer(step 832).

The methods for processing the transactions may include one of severalformats as required by the fob issuer. For example, one processingmethod may include processing the transaction under a preloaded fobformat wherein a payment value (e.g., monetary value, reward pointsvalue, barter points value, etc.) may be preloaded into a preloadedvalue account or data file prior to permitting usage of the fob. In thisway, the user may be permitted to set aside a payment amount fortransactions for goods and services using the fob. During processing ofthe transaction, approval of the transaction may involve comparing thetransaction amount to the amount stored (or remaining) in the preloadedvalue data file. Comparison may be made by a preloaded value processingsystem wherein the preloaded value processing system may compare thetransaction amount to be processed to the preload value data file. Wherethe transaction amount exceeds the amount stored in the preloaded valueaccount, the preloaded value processing system may deny authorizationfor completion of the transaction, request that the user increase thevalue in the data file, request another form of payment to satisfy allor a portion of the transaction amount, and/or any other means tosatisfy the associated financial institution of payment. Where thetransaction amount does not exceed the amount stored in the preloadedvalue data file account, the preloaded value processing system mayprovide for authorization of the transaction.

An exemplary preloaded value processing system 1000 is shown withrespect to FIG. 10. Preloaded value processing system 1000 may includefob 102 including transponder 114, which is in communication with amerchant system 130 via RFID reader 104 or computer interface 134 as isdescribed with respect to FIG. 1A. The merchant system may be incommunication with an issuer system 1010, where issuer system 1010 maybe maintained by any entity (e.g., non-financial or financialinstitution, American Express®, Visa® and/or MasterCard®, etc.) whichpermits fob 102 user to store a preload value amount in a preloadedvalue account (e.g., data file) maintained on an issuer database 1012 ofsimilar construction as database 212. Issuer system 1010 may furtherinclude one or more process servers for processing a fob transaction. Asshown, POS device 110 (included in merchant system 130) may be incommunication with an issuer account server (IAS) 1014 for receiving thefob account information from POS device 110. IAS 1014 may be in furthercommunication with a preloaded value authorization server (PLAS) 1016for processing transactions involving a preloaded value fob. PLAS 1016may be in further communication with issuer database 1012 for retrievingfunds from the preloaded value data file (not shown) which are used forsatisfying the preloaded fob or merchant transaction request. In thisinstance, the preloaded value data file may be included on database 1012as, for example, one or more sub-files.

As used herein, the term “issuer” or “account provider” may refer to anyentity facilitating payment of a transaction using a fob, and mayinclude systems permitting payment using at least one of a preloaded andnon-preloaded fob. Typical issuers may be, for example, AmericanExpress®, MasterCard®, Visa, Discover®, and the like. In the preloadedvalue processing context, an exchange value (e.g., money, rewardspoints, barter points, etc.) may be stored in a preloaded value datafile for use in completing a requested transaction. In one embodiment,the exchange value is not be stored on the fob itself. Further, thepreloaded value data file may be debited the amount of the transaction,so the preloaded value account may be replenished. As described morefully below, the preloaded value system platform may be used to complete“direct link” transactions. In which case, the preloaded value accountmay function as a place holder and may store a zero value.

The preloaded value data file may be any conventional data fileconfiguration for storing a value (e.g., monetary, rewards points,barter points, etc.) which may be exchanged for goods or services. Inthat regard, the preloaded value data file may have any configuration asdetermined or desired by the issuer system 1010.

In exemplary operation, fob identifying information (e.g., accountnumber or fob marker) may be provided to POS device 110 in similarmanner as was discussed with respect to FIG. 1A. That is, fob 102 may bepresented to merchant system 130 via RFID reader 104 or a computerinterface 134, which may provide the fob identifying information inTrack 1 or Track 2 format, or any format recognizable by POS device 110and/or issuer system 1010. POS device 110 included in merchant system130 may receive fob 102 identifying information and provide fob 102identifying information along with the transaction identifyinginformation (e.g., amount, quantity, merchant identification, etc.) toissuer system 1010 for authorization. Merchant system 130 mayadditionally include a merchant system marker or identifier forindicating a merchant system identity. Merchant system 130 may combinefob 102 identifying information, the merchant identifying information,and/or the transaction identifying information, into a merchanttransaction request for providing to the issuer system 1010.

IAS 1014 may receive the transaction and fob identifying information (ormerchant transaction request) and suitably recognize that thetransaction is being requested relative to a preloaded value accountassociated with a preloaded fob. That is, IAS 1014 may recognize thatthe user has presented a preloaded fob 102 for payment. Recognition offob 102 as a preloaded fob may mean that the fob identifying informationincludes a marker or identifier indicating that the fob is associatedwith a preloaded value data file. Upon recognition of the marker, IAS1014 may forward transaction and fob identifying information to PLAS1016 for processing. PLAS 1016 may compare the transaction amount to thevalue stored or remaining in the preloaded value to determine ifauthorization should be granted or denied. Where the transaction amountexceeds the value stored in the preloaded value data file, PLAS 1016 mayforward a transaction denied message to IAS 1014 for providing to themerchant system 130, or the PLAS may facilitate a request that the userincrease the value in the data file, request another form of payment tosatisfy all or a portion of the transaction amount, and/or any othermeans to satisfy the associated financial institution of current orfuture payment. Alternatively, where the transaction amount is less thanor equal to the value stored in the preload value data file PLAS 1016may deduct from the preloaded value data file the necessary amount forsatisfaction of the transaction.

As noted above, in one exemplary embodiment of the present invention,PLAS 1016 may provide a transaction denied message to IAS 1014 forvarious financial security reasons, such as where the amount stored inthe preloaded value account is less than required for satisfying themerchant or fob transaction request. In this instance, where thepreloaded value falls below a predetermined minimum level (e.g., minimumdepletion level), it may be necessary for the fob user to reload thepreloaded value data file. Reloading of the preloaded value account maytake place manually (e.g., by the fob user telephonically or online) ormay take place automatically when the value stored in the preloadedvalue data file is depleted to a predefined level. Where the reloadingis done automatically, reloading may occur under rules established bythe fob issuer or owner. For example, reloading may occur at preselectedtime intervals, when the value stored is below a predetermined amount,until a maximum number of reloads in a predetermined time period hasoccurred or until a maximum reload amount is reached in a predeterminedtime period.

In another exemplary operation, processing system 1000 may be operatedoffline. For example, merchant system 130 may be offline with respect toissuer system 1010. That is, transactions may be approved at merchantsystem 130, prior to the transaction identifying information beingtransferred to the issuer system. Instead, merchant system 130 may beprovided an approval protocol for use in evaluating the merchanttransaction request. For example, the approval protocol may provide fortransaction approval where the transaction is below a certain amount,includes a particular merchant or goods or service, or is requested froma particular location or the like. Once the offline transaction iscompleted, the merchant may seek satisfaction of the transaction at alater time-period by submitting the transaction to the issuerindividually, in batch, or under any submission processing determined bythe merchant.

For offline transactions, fob 102 may include a counter (not shown)which may track the number of offline transactions. Once a predeterminednumber of transactions are attempted, the counter may be used tofacilitate disenabling fob 102 usage. At which point fob 102 user may berequired to perform an online transaction whereby the counter may bereset, again permitting offline usage of the fob. As can be understood,requiring online usage following a predetermined number of offlineusages may function as an additional security measure.

FIGS. 11A and 11B depict exemplary preloading and reloading processeswhich may be performed in accordance with the present invention. Thepreloading and reloading processes may be preformed using one or moreservers (e.g., PLAS 1016) in communication with a funding source 1104.Although the processes are demonstrated using a PLAS 1016, it iscontemplated that any server configured for establishing and managingdata files may be used. However, to facilitate further understanding ofthe invention, the preloading and reloading aspects of the invention aredescribed with reference to PLAS 1016.

PLAS 1016 may be used to establish on the server or on a database (e.g.,database 1012) a preloaded value account (e.g., data file) (1106). Thepreload value account may be funded or maintained by a fobissuer/account provider which may establish a credit, charge, debit,rewards value account, loyalty account, or the like, in connection witha charge or credit card (e.g., Visa, MasterCard, American Express,Discover, etc.), debit or direct debit authorization (DDA) system.

The preloaded value account may be established to at least apredetermined minimum preload amount or value (e.g., minimum preloadlevel) as determined by the account provider and/or the fob user orowner. In this context, the predetermined minimum value (e.g., minimumpreload value) required to establish the preloaded value account mayvary with respect to a particular fob user. The preloaded value accountmay be loaded (e.g., preloaded or reloaded) from funds received from oneof a funding source 1104 (American Express, Visa, MasterCard, Discover,fuel cards, or the like). Further, the preloaded value account may beloaded with value received from loyalty or rewards points provider. Tofacilitate the understanding of the invention, the loyalty or rewardspoint provider may be referred to herein as a funding source. Thus, PLAS1016 may communicate with the funding source 1104 to obtain funds orvalue for loading and/or reloading the preloaded value account (1108).

FIG. 11B shows an exemplary reloading process in accordance with theinvention. During operation, a consumer may present to merchant system130 the prepaid fob 102 for purchasing goods or services (1110). Thepreloaded value account is then depleted the value amount paid tomerchant system 130. The process for purchasing goods may be repeateduntil the value stored in the preloaded value account equals or is lessthan a minimum level balance (e.g., minimum depletion level). Theminimum depletion level may be predetermined by the fob user or fobissuer, and may be the minimum value permitted to be stored in thepreloaded value account before the file is to be reloaded.

Once the preloaded value data is depleted such that the minimumdepletion level is reached, PLAS 1016 may trigger an automatic reload toreload the preloaded value account from funds retrieved from the fundingsource 1104 (1112). The amount of funds retrieved may be sufficient forloading the preloaded value account to the minimum amount describedabove or to some other predetermined reload value. In one exemplaryembodiment, PLAS 1016 may trigger automatic reloading where apredetermined minimum depletion level (e.g., “minimum level balance”) isreached. That is, the preloaded value account may not be entirelydepleted to zero value before automatic reloading occurs. In thisinstance, PLAS 1016 may charge the funding necessary for automaticreloading against the available funds at funding source 1104. In anotherexemplary embodiment, the automatic reloading may occur where thetransaction exceeds the amount stored in or remaining in the preloadedvalue account. In this way, the preloaded value account may be restoredto an amount necessary for completion of the transaction. For example,where automatic reloading restores the preloaded value account to avalue suitable for transaction completion, the preloaded value accountmay be automatically reloaded prior to processing the transaction.

In another exemplary embodiment, automatic reloading may occur based ondifferent user or issuer automatic reload criteria. Other automaticreload criteria may include, but are not limited to, reloading until adefined maximum load amount in a defined time period is reached,reloading at a selected reoccurring time interval (e.g., once a month),reloading as permitted until a defined maximum number of reloads in aspecified time period is reached, or reloading until a defined maximumreload amount is reached in a specified time period. In some instances,reloading may be accomplished manually, such as, for example, when thefob user contacts the issuer telephonically or via user interface toprovide a specified funding criteria and funding source for use inreloading the preloaded value account.

In yet another exemplary embodiment, the preloaded value transactionprocessing system may permit approval of a transaction where thetransaction value exceeds the preloaded value amount stored in thepreloaded value account. That is, the preloaded fob may be used forpurchases exceeding the preloaded value amount provided that the chargesubmitted by the merchant is less than or equal to the maximum reloadamount permitted plus the amount stored on the card at the time thecharge is submitted.

In another exemplary embodiment, the preloaded value system may approvetransactions based on a particular merchant's transaction processingprotocol. Where the issuer has reviewed and/or approved a merchant'stransaction processing method, the system may take the method inconsideration in determining whether to approve a merchant's transactionrequest. For example, a merchant's transaction processing method mayinclude the merchant submitting transaction requests which exceed thepreloaded value amount, but the actual charge may be less than or equalto the preloaded value amount. Under this transaction processing methoda merchant, such as, for example, a gasoline merchant, may seekpre-approval of an anticipated gasoline fueling amount. Neither theconsumer nor the merchant may know the exact final value of thepurchase, especially, for example, where the consumer decides to fillhis automobile gas tank or purchase non-fuel items. Thus, the merchantmay submit a transaction request which may be higher than the finalamount of the transaction. The merchant may submit the transactionrequest in real-time or at a later time period in a similar manner as isdescribed above with respect to offline transaction request processing.In either on line or off line processing, the preloaded valuetransaction processing system may still be configured to approve thetransaction request. The processing system may recognize that atransaction came from a particular merchant and institute apredetermined approval protocol correlative to that merchant, since theapproval protocol may include information that the merchant is sending atransaction request exceeding the actual charge.

The transaction processing system may use any one of the acceptabletechniques for identifying merchants, such as recognition of themerchant ID, or a marker appended to the transaction, or the like. Theprocessing system may correlate the merchant ID with a merchant protocolfor requesting a transaction approval of an amount greater than thepreloaded value (or reload value), and approve the merchant requestaccordingly.

In accordance with an alternate exemplary embodiment of a preloadedvalue processing system 1000, upon receiving the transaction requestfrom the IAS 1014, PLAS 1016 may evaluate the transaction request basedupon several risk criteria established by the issuer for either onlineor offline transactions. If all the criteria are successfully met, thenPLAS 1016 may send authorization of the transaction (e.g., “transactiongranted”) to IAS 1014 for providing to merchant system 130. Simultaneouswith or subsequent to, providing the transaction authorization to theIAS 1014, PLAS 1016 may seek satisfaction of the transaction from thefob value account maintained on the account provider database 1012. Thetransaction request may be provided to IAS 1014 for processing. That is,IAS 1014 may seek to deduct the transaction value from the balance ofthe amount stored in the preloaded value account.

FIG. 12 depicts an exemplary embodiment of another transactionprocessing system (“direct link” system) 1200 in accordance with thepresent invention. More particularly, FIG. 12 depicts a direct linksystem 1200 which may be used to process a merchant transaction request.In this context, a direct link system may be any system whichfacilitates satisfaction of a transaction request using a fob or otherpresentable medium (credit card, charge card, debit card, or the like)directly linked to an account which stores an exchange value (e.g.,money, credit or charge, or rewards points, etc.). In this instance, thepreloaded value account may not be preloaded as described above.Further, the preloaded value account may be linked to a contactfinancial product such as a credit, debit, and/or DDA card, and thelike, which may be presented for payment of goods and services. In thisregard, the fob (here called “direct link fob”) and the card areassociated with the same funding source and the user or merchant mayseek satisfaction of a transaction from the funding source independentof whether the direct link fob or card is used. In the exemplary directlink system 1200, the direct link fob 102 user may not establish apreloaded value account with value. Instead, the preloaded value accountmay perpetually store a zero value or fob 102 may be associated with afob transaction account which may be used to provide payment to themerchant for goods and services where the account may be a credit,debit, loyalty account or the like.

In accordance with an exemplary embodiment of the invention, atransaction request associated with a direct link fob 102 may beprocessed using the preloaded value transaction system processingdescribed above. However, as noted, in this instance the preloaded valueaccount is used as a place holder storing a zero value. A transactionaccount containing a transaction account value which is associated withthe direct link fob is treated as the funding source for satisfyingdirect link transactions. In this instance, the transaction may besatisfied according to a fob user or issuer predefined protocol orcriteria.

As shown, merchant system 130 may be in communication with an issuersystem 1010 for receiving a merchant transaction request. Moreparticularly, POS device 110 may be in communication with an issuerserver, such as, for example, an issuer account server (IAS) 1014 forreceiving the merchant and/or transaction identifying information. IAS1014 may be in further communication with a PLAS 1016 for processing themerchant transaction request. In some instances PLAS 1016 may be infurther communication with a second IAS 1202, although a second IAS 1202may not be required where one or more of the existing servers mayperform the functions of IAS 1202 described below. However, the IAS 1202is included herein to simplify the understanding the operation of thisexemplary embodiment.

In exemplary operation of system 1200, the direct link fob identifyinginformation (e.g., fob identifier or account number) may be provided toPOS device 110 in similar manner as was discussed with respect to FIG.1A. That is, the direct link fob 102 may be presented to merchant system130 via RFID reader 104 or computer interface 134, which may provide thedirect link fob 102 identifying information in Track 1 or Track 2format. POS device 110 included in merchant system 130 may receive thedirect link fob 102 identifying information and provide the direct linkfob 102 identifying information along with the transaction identifyinginformation (e.g., amount, quantity, merchant identification, etc.) toissuer system 1010 for authorization.

IAS 1014 may receive the transaction and fob identifying information andrecognize that the transaction as being requested relative to a directlink fob 102. Recognition of the direct link fob 102 in this instancemay mean that the direct link fob 102 identifying information includes amarker or identifier indicating that the fob is associated with a zerovalue preloaded value account. Upon recognition of the marker, IAS 1014may forward the transaction and fob identifying information to PLAS 1016for processing.

In similar manner as was described with respect to the operation of thepreloaded value processing system of FIG. 10, PLAS 1016 may evaluate thetransaction request based upon several risk criteria established by theissuer. Exemplary risk criteria may include, but are not limited to,consideration of transaction amount limits for a specified time period,fob user usage history, fund or reserve limits, pre-determinedre-funding rules, user defined limits, or any similar evaluativecriteria. If all the criteria are successfully met, then PLAS 1016 maysend authorization of the transaction (e.g., “transaction granted”) toIAS 1014 for providing to merchant system 130. The transactionauthorization may be provided to merchant system 130 based on evaluationof the risk criteria and not upon the value present in preloaded valueaccount or direct link transaction account storing value relative to thedirect link fob.

After providing the transaction authorization to the IAS 1014, PLAS 1016may seek authorization of the transaction against the direct link fobaccount (e.g., transaction account) which is maintained on issuerdatabase 1012, and which is funded by value received from funding source1104. The authorization request may be provided to IAS 1202 for approvalwhich may retrieve the necessary value from the direct link fob account.For example, where the direct link fob account is a charge or creditaccount, PLAS 1016 may request authorization from the second IAS 1202and IAS 1202 may assess the transaction amount against the direct linkfob account on database 1012. IAS 1202 may seek to record the amount ofthe transaction in the direct link fob usage history data file forpayment at the end of a billing cycle (e.g., charge account), or theamount may be recorded on the fob direct link fob usage data file forpayment at a date later than the end of the billing cycle (e.g., creditaccount).

In an alternative operation PLAS 1016 may assess the transaction amountagainst the direct link fob account, without use of a second IAS 1202.Whether the transaction is processed using a second IAS 1202, it is tobe understood that value may not be immediately transferred to themerchant system from the direct link fob account for satisfying thetransaction. Instead, the direct link fob issuer may guaranteesatisfaction of the merchant transaction by, for example, request untila certain value is retrieved from the direct link fob account at the endof the billing cycle or later. That is, PLAS 1016 may provideauthorization of the transaction, but may not retrieve the necessaryvalue for satisfying the transaction until after the merchant provides arequest for settlement to the issuer system.

In yet another exemplary transaction processing system 1300 depicted inFIG. 13, merchant system 130 may provide a batch file containingmultiple fob transaction requests to be processed to a process server1302 where the multiple fob transactions may include both preloadedvalue and direct link transaction request. The system 1300 may include aprocess server 1302 which distinguished between preloaded value anddirect link transaction requests. That is, process server 1302 may beused for separating the fob transactions which are associated with apreloaded fob account and those that are not associated with a preloadedfob account, as discussed more fully below. Process server 1302 mayfurther be in communication with IAS 1014 for seeking settlement of thetransaction. IAS 1014 may process the transaction request in accordancewith the direct link transaction process or the preloaded valuetransaction platform described above.

In exemplary operation of system 1300, process server 1302 may receivethe settlement file and identify the files according to the nature ofthe transaction request. For example, process server 1302 may placemarkers on the files received and create sub-files of transactionrequests relative to the type of fob used in the transaction (e.g.,preloaded fob, and direct link fob associated with a charge or creditaccount). The process server may create the sub-files relative to thefile markers. Process server 1302 may create a first fob transactionfile for merchant payables and a second fob transaction file foraccounts receivable to be forwarded to IAS 1014 for processing. Wherethe sub-file includes merchant payable, process server 1302 may providefunds to the merchant for payment of the transaction, where the fundsprovided may be equivalent to the transaction amount minus discountrevenues. The funds may be retrieved from the funding source forproviding to the merchant. Alternatively, process server 1302 may createa second fob transaction file for accounts receivable payments andforwarded the second fob transaction file to IAS 1014. IAS 1014 may thenprocess the transaction request according to the processes described inFIGS. 10 and 12. That is, IAS 1014 may distinguish the preloaded fobtransaction requests from those associated with the direct link fob andprocess the transactions accordingly.

Considering the operation of the various transaction processing systemsdescribed above, it can be seen that the transaction processing systemsdescribed may distinguish when a preloaded fob is used, when a cardassociated with a fob is used, or when an account associated with apreloaded fob is reloaded. In that regard, the present invention may beused to reward points depending on the nature of the fob usage. Thepoints (e.g., loyalty points) may be stored in a points or rewardsaccount maintained on the issuer database (e.g., database 1012). Therewards points may then later be redeemed from the rewards account forexchange for goods and services as desired by the fob user. For moreinformation on loyalty systems and transaction systems, see, forexample, U.S. patent application Ser. No. 09/836,213, filed on Apr. 17,2001, by inventors Voltmer, et al., and entitled “System And Method ForNetworked Loyalty Program”; U.S. Continuation-In-Part patent applicationSer. No. 10/027,984, filed on Dec. 20, 2001, by inventors Ariff, et al.,and entitled “System And Method For Networked Loyalty Program”; U.S.Continuation-In-Part patent application Ser. No. 10/010,947, filed onNov. 6, 2001, by inventors Haines, et al., and entitled “System AndMethod For Networked Loyalty Program”; the Shop AMEX™ system asdisclosed in Ser. No. 60/230,190, filed Sep. 5, 2000; the MR asCurrency™ and Loyalty Rewards Systems disclosed in Ser. No. 60/197,296,filed on Apr. 14, 2000, Ser. No. 60/200,492, filed Apr. 28, 2000, Ser.No. 60/201,114, filed May 2, 2000; a stored value card as disclosed inSer. No. 09/241,188, filed on Feb. 1, 1999; a system for facilitatingtransactions using secondary transaction numbers disclosed in Ser. No.09/800,461, filed on Mar. 7, 2001, and also in related provisionalapplication Ser. No. 60/187,620, filed Mar. 7, 2000, Ser. No.60/200,625, filed Apr. 28, 2000, and Ser. No. 60/213,323, filed May 22,2000, all of which are herein incorporated by reference. Other examplesof online membership reward systems are disclosed in Netcentives U.S.Pat. No. 5,774,870, issued on Jun. 30, 1998, and U.S. Pat. No.6,009,412, issued on Dec. 29, 1999, both of which are herebyincorporated by reference.

As noted, in one instance, points may be provided when the fob is usedin addition to when the card associated with the fob is used. Forexample, IAS 1014 may recognize that a fob is being used and awardpoints (e.g., loyalty points) to the rewards account assigned to the fobuser or associated with the fob. The loyalty points may be awarded basedon any criteria as determined by the fob issuer. Exemplary rewardingcriteria may include rewarding points for, for example, frequency of fobusage, amount of individual purchase using the fob, the total amount ofpurchases in a given time period, location of merchant, type ofmerchant, or any such criteria for incenting fob usage.

Where the fob is associated with a preloaded value account such as thatdescribed with respect to FIG. 10, points may be awarded for accountreloading. That is, IAS 1014 may place award points in the rewardsaccount relative to the amount loaded or reloaded as required. FurtherIAS 1014 may place reward points in the rewards account relative tousage of the fob at a particular merchant or for a particulartransaction.

It should be noted that the transaction account associated with fob 102may include a usage restriction, such as, for example, a per purchasespending limit, a time of day use, a day of week use, certain merchantuse and/or the like, wherein an additional verification is required whenusing the fob outside of the restriction. The restrictions may bepersonally assigned by fob 102 user, or the account provider. Forexample, in one exemplary embodiment, the account may be establishedsuch that purchases above $X (i.e., the spending limit) must be verifiedby the customer. Such verification may be provided using a suitablepersonal identification number (PIN) which may be recognized by fob 102or a payment authorization center (not shown) as being unique to fob 102holder (e.g., customer) and the correlative fob 102 transaction accountnumber. Where the requested purchase is above the established perpurchase spending limit, the customer may be required to provide, forexample, a PIN, biometric sample and/or similar secondary verificationto complete the transaction. That is, for example, fob 102 may enter theunique PIN in a conventional keypad at merchant system 130 or RFIDreader 104. The PIN may be provided to the authorization center forcomparison with a correlative PIN stored on the issuer system.Alternatively, the PIN may be provided to fob 102 via RFID reader 104.Fob 102 may verify the PIN by comparing the PIN to a correlative PINstored on, for example, secure memory 212.

Where a verification PIN is used as secondary verification theverification PIN may be checked for accuracy against a corroborating PINwhich correlates to fob 102 transaction account number. Thecorroborating PIN may be stored locally (e.g., on fob 102), or may bestored on a database (1012) at the payment authorization center. Thepayment authorization center database may be any database 1012maintained and operated by fob 102 transaction account provider.

The verification PIN may be provided to POS device 110 using aconventional merchant (e.g., POS) PIN key pad 118 in communication withPOS device 110 as shown in FIG. 1A, or a RFID keypad in communicationwith RFID reader 104. PIN keypad may be in communication with POS device110 (or alternatively, RFID reader 104) using any conventional data linkdescribed above. Upon receiving the verification PIN, RFID reader 104may seek to match the PIN to the corroborating PIN stored on RFID reader104 at database 310 or 320. Alternatively, the verification PIN may beprovided to a payment authorization center to determine whether the PINmatches the PIN stored on the payment authorization center databasewhich correlates to fob 102 account. If a match is made, the purchasemay no longer be restricted, and the transaction may be allowed to becompleted.

In an alternate embodiment, verification of purchases exceeding theestablished spending limit may involve biometrics circuitry included infob 102. FIG. 9 is a schematic block diagram of an exemplary fob 102wherein fob 102 includes a biometric security system 902. Biometricsecurity system 902 may include a biometric sensor 904 for sensing thefingerprint of fob 102 user. Biometric sensor 904 may be incommunication with a sensor interface/driver 906 for receiving thesensor fingerprint and activating the operation of fob 102. Incommunication with biometric sensor 904 and sensor interface 906 may bea battery 903 for providing the necessary power for operation of thebiometric security system components.

In one exemplary application of fob 102 including biometric securitysystem 902, the customer may place his finger on the biometric sensor toinitiate the mutual authentication process between fob 102 and RFIDreader 104, or to provide secondary verification of the user's identity.The sensor fingerprint may be digitized and compared against a digitizedfingerprint stored in a database (e.g., security database 212) includedon fob 102. Such comparison step may be controlled by protocol/sequencecontroller 208 and may be validated by authentication circuit 210. Wheresuch verification is made, the mutual authentication between fob 102 andRFID reader 104 may begin, and the transaction may proceed accordingly.Alternatively, the comparison may be made with a digitized fingerprintstored on a database maintained by fob 102 transaction account providersystem (not shown). The digitized fingerprint may be verified in muchthe same way as is described above with respect to the PIN.

In one exemplary application of fob 102 including biometric securitysystem 902, system 902 may be used to authorize a purchase exceeding theestablished per purchase spending limit. In this case, where thecustomer's intended purchase exceeds the spending limit, the customermay be asked to provide assurance that the purchase is authorized.Accordingly, the customer may provide such verification by placing hisfinger over biometric sensor 904. Biometric sensor 904 may then digitizethe fingerprint and provide the digitized fingerprint for verificationas described above. Once verified, fob 102 may provide a transactionauthorized signal to RF transponder 202 (or alternatively to transponder220) for forwarding to RFID reader 104. RFID reader 104 may then providethe transaction authorized signal to POS device 110 in similar manner asis done with conventional PIN driven systems and POS device 110 mayprocess the transaction under the merchant's business as usual standard.

Additional methods and systems for biometric security for system 100will be discussed further herein.

In accordance with another exemplary embodiment of the invention, thefob user is provided limited access to a fob user data file maintainedon an issuer system for managing the fob usage and fob user information.User may have access over the phone, online, or offline. The fob usermay access the fob user data file to change, for example, demographicinformation (e.g., fob user address, phone number, email address, or thelike), the funding source (e.g., credit account, charge account, rewardsaccount, barter account, etc.) associated with the fob, view thetransaction history, etc. In addition, the fob user may be permitted toload or reload the account or alter automatic reload parameters (e.g.,amount to reload, period for reloading, etc.). Where more than one fob102 is correlated to a transaction account, the user may be providedsimilar access to the data files corresponding to the additional fobs.

With reference to FIG. 1A, the fob user may connect fob 102 to computerinterface 134 via the USB interface 132. The fob user may then usecomputer interface 134 to access the fob user data file via network 136.In particular, network 136 may be in communication with an issuer system(e.g. system 1010 of FIG. 10) and may be provided limited access to anissuer server (e.g., server 1014) for managing the fob. Issuer server1014 may be in communication with an issuer system database (e.g., 1012)which stores the information to be managed relative to the user fob userdata file. The changes made to the fob user data file by the fob usermay be made in real-time, after a brief delay, or after an extendeddelay. In one instance, changes may be stored in a batch changes file onthe issuer database for later batch processing.

In another exemplary embodiment of the present invention, system 100 maybe configured with one or more biometric scanners, processors and/orsystems. A biometric system may include one or more technologies, or anyportion thereof, such as, for example, recognition of a biometric. Asused herein, a biometric may include a user's voice, fingerprint,facial, ear, signature, vascular patterns, DNA sampling, hand geometry,sound, olfactory, keystroke/typing, iris, retinal or any other biometricrelating to recognition based upon any body part, function, system,attribute and/or other characteristic, or any portion thereof. Certainof these technologies will be described in greater detail herein.Moreover, while some of the examples discussed herein may include aparticular biometric system or sample, the invention contemplates any ofthe biometrics discussed herein in any of the embodiments.

The biometric system may be configured as a security system and mayinclude a registration procedure in which a user of transactioninstrument (e.g., fob 102) proffers a sample of his fingerprints, DNA,retinal scan, voice, and/or other biometric sample to an authorizedsample receiver (ASR). An ASR may include a local database, a remotedatabase, a portable storage device, a host system, an issuer system, amerchant system, a fob issuer system, an employer, a financialinstitution, a non-financial institution, a loyalty point provider, acompany, the military, the government, a school, a travel entity, atransportation authority, a security company, and/or any other system orentity that is authorized to receive and store biometric samples andassociate the samples with specific biometric databases and/ortransaction instruments (e.g., fobs 102). As used herein, a user of afob, fob user, or any similar phrase may include the person or deviceholding or in possession of the fob, or it may include any person ordevice that accompanies or authorizes the fob owner to use the fob.

FIG. 14 illustrates an exemplary registration procedure in accordancewith the present invention. In one embodiment, a fob user may contact anASR to submit one or more biometric samples to an ASR (step 1401). Thefob user may contact the ASR and submit a sample in person, through acomputer and/or Internet, through software and/or hardware, through athird-party biometric authorization entity, through a kiosk and/orbiometric registration terminal, and/or by any other direct or indirectmeans, communication device or interface for a person to contact an ASR.

A fob user may then proffer a biometric sample to the ASR (step 1403).As used herein, a biometric sample may be any one or more of thebiometric samples or technologies, or portion thereof, described hereinor known in the art. By proffering one or more biometric samples, abiometric may be scanned by at least one of a retinal scan, iris scan,fingerprint scan, hand print scan, hand geometry scan, voice print scan,vascular scan, facial and/or ear scan, signature scan, keystroke scan,olfactory scan, auditory emissions scan, DNA scan, and/or any other typeof scan to obtain a biometric sample. Upon scanning the sample, thesystem may submit the scanned sample to the ASR in portions during thescan, upon completing the scan or in batch mode after a certain timeperiod. The scanned sample may include a hardcopy (e.g., photograph),digital representation, an analog version or any other configuration fortransmitting the sample. The ASR receives the sample and the ASR mayalso receive copies of a fob user's biometric data along with the sampleor at a different time (or within a different data packet) fromreceiving the sample.

The ASR and/or fob user 102 may correlate and/or register the samplewith fob user information to create a data packet for the sample andstore the data packet in digital and/or any storage medium known in theart. As used herein, a data packet may include the digitized informationrelating to at least one of a biometric sample, a registered biometricsample, a stored biometric sample, a proffered biometric, a profferedbiometric sample, user information, transponder information, and/or anyother information. The terms “data packet,” “biometric sample,” and“sample” may be used interchangeably. As used herein, registered samplesmay include samples that have been proffered, stored and associated withuser information. By storing the data packet in digital format, the ASRmay digitize any information contained in one of the biometric scansdescribed herein. By storing the data packet in any storage medium, theASR may print and/or store any biometric sample. Hardcopy storage may bedesirable for back-up and archival purposes.

The biometric sample may also be associated with user information tocreate a data packet (step 1405). The sample may be associated with userinformation at any step in the process such as, for example, prior tosubmission, during submission and/or after submission. In oneembodiment, the user may input a PIN number or zip code into the POSterminal, then scan the biometric to create the biometric sample. Thelocal POS system may associate the biometric sample data with the PINand zip code, then transmit the entire packet of information to the ASR.In another embodiment, the POS may facilitate transmitting the sample toan ASR, and during the transmission, the sample may be transmittedthrough a third system which adds personal information to the sample.

The information associated with the biometric sample may include anyinformation such as, for example, fob user information, fob 102information, fob 102 identifier information, fob 102 vender information,fob 102 operability information, and/or fob 102 manufacturinginformation. Fob 102 information is not limited to transponderinformation and may include information related to any transactioninstrument such as smart cards, credit cards, debit cards,merchant-specific cards, loyalty point cards, cash accounts and anyother transaction instruments and/or accounts. The fob user informationmay also contain information about the user including personalinformation—such as name, address, and contact details; financialinformation—such as one or more financial accounts associated with thefob user; loyalty point information—such as one or more loyalty pointaccounts (e.g., airline miles, charge card loyalty points, frequentdiner points) associated with the fob user; and/or non-financialinformation—such as employee information, employer information, medicalinformation, family information, and/or other information that may beused in accordance with a fob user.

For example, fob user may have previously associated a credit cardaccount, a debit card account, and a frequent flier account with hisbiometric sample which is stored at an ASR. Later, when fob user desiresto purchase groceries, fob user may submit his biometric sample whileusing fob 102 for the purchase at a POS. The POS may facilitate sendingthe biometric sample to the ASR such that the ASR authorizes thebiometric sample and checks a look-up table in the ASR database todetermine if any information is associated with the sample. Ifinformation (e.g., financial accounts) is associated with the sample,the ASR may transmit the information to the POS terminal. The POSterminal may then present fob user with a list of the three accountsassociated with the biometric sample. Fob user and/or a merchant maythen chose one of the accounts in order to continue and finalize thetransaction.

In another embodiment, fob user may associate each account with adifferent biometric sample. For example, during registration, fob usermay submit a sample of his right index fingerprint, and request that thesystem primarily associate this sample with a particular credit cardaccount. Fob user may additionally submit a sample of his left indexfingerprint and request that the system primarily associate the samplewith a particular debit account. Additionally, fob user may submit hisright thumbprint and request that the system primarily associate thatsample with a particular frequent flier account. By “primarily”associating a sample with an account, the system initially associatesthe sample with that account. For example, fob user submitting his rightindex fingerprint for a financial transaction may have money for thetransaction taken from his credit card account. Fob user mayadditionally specify which accounts should be secondarily associatedwith a sample. For example, fob user may have a debit card accountsecondarily associated with his right index fingerprint. As a result, iffob user submits his right index fingerprint for a transaction, and theprimary account associated with the sample is overdrawn or unavailable,the secondary account may be accessed in order to further thetransaction.

While primary and secondary account association is described herein, anynumber of accounts may be associated with a sample. Moreover, anyhierarchy or rules may be implemented with respect to the association.For example, the fob user may instruct the system to access a debit cardaccount when it receives a right index fingerprint sample, the purchasequalifies for loyalty points with a certain airline and the purchaseamount is less than $50. The fob user may additionally instruct thesystem to access a credit card account if it receives a right indexfingerprint sample, the purchase does not qualify for airline miles andthe purchase amount is greater than $50. Further, while fingerprintsamples are discussed herein, any biometric sample may have one or moreaccounts associated with it and may be used to facilitate a transactionusing any of the routines discussed herein.

The ASR and/or fob user may associate a specific fob 102 identifier withthe biometric sample by any method known in the art for associating anidentifier (e.g., through the use of software, hardware and/or manualentry.) The ASR may additionally verify the fob user and/or fob 102 byusing one or more forms of the user's secondary identification (step1407). For example, the ASR may verify the fob user by matching the fobinformation to information retrieved from scanning information from afob user's driver's license. The ASR may verify fob 102 by contactingthe vendor of fob 102 to confirm that fob 102 was issued to a specificfob user. In another embodiment, the ASR may activate fob 102 during theregistration procedure to confirm that the fob 102 transponderidentifier and other information is properly associated with the fobuser and the fob user's specific biometric samples. The ASR mayadditionally employ one or more verification methods to confirm that thebiometric sample belongs to the user, such as, for example, the ASR mayrequest from the user demographic information, further biometric samplesand/or any other information. As used herein, “confirm,” “confirmation”or any similar term includes verifying or substantially verifying theaccuracy, existence, non-existence, corroboration, and/or the like ofthe information, component, or any portion thereof. The ASR mayadditionally employ one or more additional processing methods in orderto facilitate association of a biometric sample. As used herein, theterm processing may include scanning, detecting, associating,digitizing, printing, comparing, storing, encrypting, decrypting, and/orverifying a biometric and/or a biometric sample, or any portion thereof.

Upon association, authentication and/or verification of the biometricsample and fob 102, the system may create a data packet and for thesample store the data packet and fob 102 identifier (step 1409) in oneor more databases on and/or in communication with system 100 via anetwork, server, computer, or any other means of communicating asdescribed herein. The database(s) may be any type of database describedherein. For example, a biometric sample stored on fob 102 may be storedin database 212. The database(s) may be located at or operated by any ofthe entities discussed herein such as, for example, the ASR and/or by athird-party biometric database operator.

The information stored in the database may be sorted or stored accordingto one or more characteristics associated with the sample in order tofacilitate faster access to the stored sample. For example, fingerprintsamples may be stored in a separate database than voice prints. Asanother example, all fingerprints with certain whirl patterns may bestored in a separate sub-database and/or database from fingerprints witharch patterns.

The biometric samples may also be stored and/or associated with apersonal identification number (PIN) and/or other identifier tofacilitate access to the sample. The PIN may be fob user selected orrandomly assigned to the biometric sample. The PIN may consist of anycharacters such as, for example, alphanumeric characters and/or foreignlanguage characters.

The system may further protect the samples by providing additionalsecurity with the sample. The security may include, for example,encryption, decryption, security keys, digital certificates, firewallsand/or any other security methods known in the art and discussed herein.One or more security vendors may utilize the security methods to storeand/or access the biometric samples. The present invention anticipatesthat storage of the biometric samples may be such that a sample is firstencrypted and/or stored under a security procedure, such that the samplemay only be accessed by a vendor with the proper level of access orsecurity which corresponds to or provides access to the stored sample.The samples may be accessible by certain vendors such as, for example,fob 102 transaction account provider system, an issuer system, amerchant system, a fob issuer system, an employer, a financialinstitution, a non-financial institution, a loyalty-point provider, acompany, the military, the government, a school, a travel entity, atransportation authority, and/or a security company.

The fob of the invention may include a particular security systemwherein the security system incorporates a particular biometric system.As shown in FIG. 15, fob 102 includes a biometric security system 1502configured for facilitating biometric security using, for example,fingerprint samples. As used herein, fingerprint samples may includesamples of one or more fingerprints, thumbprints, palmprints,footprints, and/or any portion thereof. Biometric security system 1502may include a biometric sensor 1504 which may be configured with asensor and/or other hardware and/or software for acquiring and/orprocessing the biometric data from the person such as, for example,optical scanning, capacitance scanning, or otherwise sensing the portionof fob user. In one embodiment, biometric sensor 1504 of the securitysystem 1502 may scan a finger of a fob user in order to acquire hisfingerprint characteristics into fob 102. Biometric sensor 1504 may bein communication with a sensor interface/driver 1506 such that sensorinterface 1506 receives the fingerprint information and transmits asignal to controller 208 to facilitate activating the operation of fob102. A power source (e.g., battery 1503) may be in communication withbiometric sensor 1504 and sensor interface 1506 to provide the desiredpower for operation of the biometric security system components.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, the user may place his finger on the biometric sensor toinitiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity. Fob102 may digitize the fingerprint and compare it against a digitizedfingerprint stored in a database (e.g., security database 212) includedon fob 102. The fingerprint information may additionally be comparedwith information from one or more third-party databases communicatingwith fob 102 through any communication software and/or hardware,including for example, RFID reader 104, a USB connection, a wirelessconnection, a computer, a network and/or any other means forcommunicating. This transfer of information may include use ofencryption, decryption, security keys, digital certificates and/or othersecurity devices to confirm the security of the sample. Fob 102 mayadditionally communicate with third-party databases to facilitate acomparison between fob 102 identifier and other fob identifiers storedwith the biometric samples. As used herein, compare, comparison andsimilar terms may include determining similarities, differences,existence of elements, non-existence of elements and/or the like.

Protocol/sequence controller 208 may facilitate the local comparison toauthenticate the biometric and authentication circuit 210 may validatethe information. Any of the embodiments may alternatively oradditionally include remote comparisons performed or controlled by oneor more third-party security vendors. One or more comparison techniquesand/or technologies may be used for comparisons. For example, forfingerprint comparisons, protocol/sequence controller 208 may utilize anexisting database to compare fingerprint minutia such as, for example,ridge endings, bifurcation, lakes or enclosures, short ridges, dots,spurs and crossovers, pore size and location, Henry System categoriessuch as loops, whorls, and arches, and/or any other method known in theart for fingerprint comparisons.

Fob 102 may additionally be configured with secondary securityprocedures to confirm that fake biometric samples are not being used.For example, to detect the use of fake fingers, fob 102 may be furtherconfigured to measure blood flow, to check for correctly aligned ridgesat the edges of the fingers, and/or any other secondary procedure toreduce biometric security fraud. Other security procedures for ensuringthe authenticity of biometric samples may include monitoring pupildilation for retinal and/or iris scans, pressure sensors, blinkingsensors, human motion sensors, body heat sensors and/or any otherprocedures known in the art for authenticating the authenticity ofbiometric samples.

After verifying the biometric information, fob 102 and RFID reader 104may begin mutual authentication, and the transaction may proceedaccordingly. However, the invention contemplates that the verificationof biometric information may occur at any point in the transaction suchas, for example, after the mutual authentication. At any point in thetransaction, the system may additionally request fob user to enter a PINand/or other identifier associated with the transaction account and/orbiometric sample to provide further verification of fob user'sidentification. As part of the transaction, fob user payer may berequested to select from one of the financial accounts, loyaltyaccounts, credit accounts, debit account, and/or other accountsassociated with the biometric sample. The user may be presented with alist of account options on a display associated with RFID reader 104,fob 102, a third-party security device and/or any other financial ortransaction device association with a transaction. In anotherembodiment, a payee may select one of the accounts. For example, adepartment store payee may manually and/or automatically select adepartment store issued account, if available, for a transaction.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using facial recognitionor recognition of any other body part or object. As discussed herein,facial recognition may include recognition of any facial featuresobtained through a facial scan such as, for example, the eyes, nose,cheeks, jaw line, forehead, chin, ear features, head shape, hairline,neck features, shoulder height and/or any portion thereof. Biometricsecurity system 1502 may include a biometric sensor 1504 which may beconfigured with a video camera, optical scanner, and/or other hardwareand/or software for acquiring the biometric data from the person suchas, for example video scanning, optical scanning or otherwise sensingany portion of fob user. In one embodiment, biometric sensor 1504 of thesecurity system 1502 may scan the face of a fob user in order to acquirehis facial characteristics into fob 102. Biometric sensor 1504 may be incommunication with a sensor/interface/driver 1506 such that sensor 1504receives the facial information and transmits a signal to controller 208to facilitate activating the operation of fob 102. A power source (e.g.,battery 1503) may be in communication with biometric sensor 1504 andsensor interface 1506 to provide the desired power for operation of thebiometric security system components.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may scan the facial features of the fob user toinitiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity.Security system 1502 may be configured such that fob user may stand atleast two-feet away from sensor 1504. Additionally, sensor 1504 may beconfigured to detect facial features of a user turned at least 30degrees toward the camera.

Fob 102 may digitize the facial scan and compare it against a digitizedfacial scan stored in a database (e.g., security database 212) includedon fob 102. The facial scan information may additionally be comparedwith information from one or more third-party databases communicatingwith fob 102 through any communication software and/or hardware,including for example, RFID reader 104, a USB connection, a wirelessconnection, a computer, a network and/or any other means forcommunicating. This transfer of information may include use ofencryption, decryption, security keys, digital certificates and/or othersecurity devices to confirm the security of the sample. Fob 102 mayadditionally communicate with third-party databases to facilitate acomparison between fob 102 identifier and other fob identifiers storedwith the biometric samples.

Protocol/sequence controller 208 may facilitate the local comparison toauthenticate the biometric, and authentication circuit 210 may validatethe information. Any of the embodiments may alternatively oradditionally include remote comparisons performed or controlled by oneor more third-party security vendors. One or more comparison techniquesand/or technologies may be used for comparisons. For example, for facialrecognition, protocol/sequence controller 208 may utilize an existingdatabase to compare nodal points such as the distance between the eyes,the width of the nose, the jaw line, and the depth of the user's eyesockets. While only some types of nodal points are listed, the presentinvention recognizes that it is known that there are over 80 differentnodal points on a human face that may be used for comparison in thepresent invention. Additionally, third-party devices such as facialrecognition software and/or hardware systems may be used to facilitatefacial recognition, such as the systems developed by Viisage, Imagis,and Identix which employ complex algorithms that facilitate bothsearching facial and/or ear scans and adjusting stored data based oneyewear, facial hair, and other changes in outward facial and/or earappearance.

Fob 102 may additionally be configured with secondary securityprocedures to confirm that fake biometric samples are not being used.For example, to detect the use of fake facial features, fob 102 may befurther configured to measure blood flow, to detect a thermal patternassociated with facial features, and/or any other secondary procedure toreduce biometric security fraud. Other security procedures for ensuringthe authenticity of biometric samples may include monitoring pupildilation for retinal and/or iris scans, pressure sensors, blinkingsensors, human motion sensors, body heat sensors and/or any otherprocedures known in the art for authenticating the authenticity ofbiometric samples. After verifying the biometric information, fob 102and RFID reader 104 may begin mutual authentication by any of themethods described herein.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using voice recognition.As discussed herein, voice recognition may include recognition of voiceand/or speaker features such as, phonated excitation, whisperedexcitation, frication excitation, compression, vibration, parametricwaveforms, tone, pitch, dialect, annunciation, and/or any portionthereof. As discussed herein, these voice recognition features may becollectively referred to as a “voice print.” Biometric security system1502 may include a biometric sensor 1504 which may be configured with anaudio capture device such as a microphone, telephone, cellular phone,speaker and/or other hardware and/or software for acquiring thebiometric data from the person such as, for example auditory scanning,recording or otherwise sensing the portion of fob user.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the voice print of the fob user toinitiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity. Inone embodiment, biometric sensor 1504 of the security system 1502 maycapture a voice print, when a user recites, for example, a pass phraseor audible PIN. Biometric sensor 1504 may be in communication with asensor/interface/driver 1506 such that sensor 1504 receives the voiceprint and transmits a signal to controller 208 to facilitate activatingthe operation of fob 102. A power source (e.g., battery 1503) may be incommunication with biometric sensor 1504 and sensor interface 1506 toprovide the desired power for operation of the biometric security systemcomponents.

Fob 102 may digitize the voice print and compare it against a digitizedvoice print stored in a database (e.g., security database 212) includedon fob 102. The voice print information may additionally be comparedwith information from one or more third-party databases communicatingwith fob 102 through any communication software and/or hardware,including for example, RFID reader 104, a USB connection, a wirelessconnection, a computer, a network and/or any other means forcommunicating. Protocol/sequence controller 208 may facilitate the localcomparison to authenticate the biometric and authentication circuit 210may validate the information. Any of the embodiments may alternativelyor additionally include remote comparisons performed or controlled byone or more third-party security vendors.

One or more comparison techniques and/or technologies may be used forcomparisons. For example, for voice recognition, protocol/sequencecontroller 208 may utilize an existing database to compare the voiceprint by comparing voice print waveforms in the time domain, bycomparing energy content in the voice prints across the frequencydomain, by the use of stochastic models and/or template models, and/orby any other voice recognition method known in the art. This transfer ofinformation may include use of encryption, decryption, security keys,digital certificates and/or other security devices to confirm thesecurity of the sample. Fob 102 may additionally communicate withthird-party databases to facilitate a comparison between fob 102identifier and other fob identifiers stored with the biometric samples.Further, the present invention anticipates use of one or morethird-party devices such as voice recognition software and/or hardwaresystems to facilitate voice print comparisons, such as, for exampleSAFLINK and Voice Security Systems.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use of a recorded voice, system 1502may be further configured to detect audio noise associated with anelectronic device and/or any other secondary procedure to thwartbiometric security fraud. After verifying the biometric information, fob102 and RFID reader 104 may begin mutual authentication by the methodsdescribed herein.

In another exemplary embodiment of the present invention, biometricsecurity system 1502 may be configured for facilitating biometricsecurity using signature recognition. As discussed herein, signaturerecognition may include recognition of the shape, speed, stroke, styluspressure, timing information and/or other signature information and/orany portion thereof during the act of signing. As discussed herein,these signature recognition features may be collectively referred to asa “signature scan.” Biometric security system 1502 may include abiometric sensor 1504 which may be configured with an LCD screen,digitizing tablet and/or other hardware and/or software that facilitatesdigitization of biometric data from the person such as, for examplesignature scanning, recording or otherwise sensing the signature of fobuser.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the signature scan of the fob userto initiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity. Inone embodiment, biometric sensor 1504 of the security system 1502 maycapture a signature scan, when a user signs, for example, his name or aspecified word or phrase. Biometric sensor 1504 may be in communicationwith a sensor/interface/driver 1506 such that sensor 1504 receives thesignature scan and transmits a signal to controller 208 to facilitateactivating the operation of fob 102. A power source (e.g., battery 1503)may be in communication with biometric sensor 1504 and sensor interface1506 to provide the desired power for operation of the biometricsecurity system components.

Fob 102 may digitize the signature scan and compare it against adigitized signature scan stored in a database (e.g., security database212) included on fob 102. The signature scan information mayadditionally be compared with information from one or more third-partydatabases communicating with fob 102 through any communication softwareand/or hardware, including for example, RFID reader 104, a USBconnection, a wireless connection, a computer, a network and/or anyother means for communicating. Protocol/sequence controller 208 mayfacilitate the local comparison to authenticate the biometric andauthentication circuit 210 may validate the information. Any of theembodiments may alternatively or additionally include remote comparisonsperformed or controlled by one or more third-party security vendors.

For example, for voice recognition, protocol/sequence controller 208 mayutilize an existing database to compare the features of a signature scanby comparing graphs, charts, and or other data relating to shape, speed,stroke, stylus pressure, timing information and/or by any othersignature recognition data. This transfer of information may include useof encryption, decryption, security keys, digital certificates and/orother security devices to confirm the security of the sample. Fob 102may additionally communicate with third-party databases to facilitate acomparison between fob 102 identifier and other fob identifiers storedwith the biometric samples. Further, the present invention anticipatesuse of one or more third-party devices such as signature recognitionsoftware and/or hardware systems to facilitate signature scancomparisons, such as, for example CyberSIGN, LCI Computer Group, andXenetek.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use of a false signature device, system1502 may be further configured to detect a thermal pattern associatedwith a human hand and/or any other secondary procedure to thwartbiometric security fraud. After verifying the biometric information, fob102 and RFID reader 104 may begin mutual authentication by the methodsdescribed herein.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using vascular patternrecognition. As discussed herein, vascular pattern may includerecognition of structures, depths, and other biometric reference pointsof arterial tissues, vein tissues, capillary tissues, epithelialtissues, connective tissues, muscle tissues, nervous and/or other innertissues and/or any portion thereof. As discussed herein, these vascularpattern features may be collectively referred to as a “vascular scan.”Biometric security system 1502 may include a biometric sensor 1504 whichmay be configured with an optical scanner, thermal scanner and/or otherhardware and/or software that facilitates capture of biometric data fromthe person such as, for example scanning, detecting or otherwise sensinga vascular pattern of fob user.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the vascular scan of the fob userto initiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity. Inone embodiment, biometric sensor 1504 of the security system 1502 maycapture a vascular scan, when a user places his hand in front of anoptical scanner. Biometric sensor 1504 may be in communication with asensor/interface/driver 1506 such that sensor 1504 receives the vascularscan and transmits a signal to controller 208 to facilitate activatingthe operation of fob 102. A power source (e.g., battery 1503) may be incommunication with biometric sensor 1504 and sensor interface 1506 toprovide the desired power for operation of the biometric security systemcomponents.

Fob 102 may digitize the vascular scan based on biometric referencepoints and compare it against a digitized vascular scan stored in adatabase (e.g., security database 212) included on fob 102. The vascularscan information may additionally be compared with information from oneor more third-party databases communicating with fob 102 through anycommunication software and/or hardware, including for example, RFIDreader 104, a USB connection, a wireless connection, a computer, anetwork and/or any other means for communicating. Protocol/sequencecontroller 208 may facilitate the local comparison to authenticate thebiometric and authentication circuit 210 may validate the information.Any of the embodiments may alternatively or additionally include remotecomparisons performed or controlled by one or more third-party securityvendors.

For example, for vascular pattern recognition, protocol/sequencecontroller 208 may utilize an existing database to compare the vascularscan by comparing biometric reference points, vascular coordinates,vascular and/or tissue lengths, widths and depths; blood pressureincluding waveforms, dicrotic notches, diastolic pressure, systolicpressure, anacrotic notches and pulse pressure, and/or any othercharacteristic of vascular and/or tissue patterns. This transfer ofinformation may include use of encryption, decryption, security keys,digital certificates and/or other security devices to confirm thesecurity of the sample. Fob 102 may additionally communicate withthird-party databases to facilitate a comparison between fob 102identifier and other fob identifiers stored with the biometric samples.Further, the present invention anticipates use of one or morethird-party devices such as vascular pattern recognition software and/orhardware systems to facilitate vascular scan comparisons, such as, forexample VEID International, Identica and ABT Advanced BiometricTechnologies.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use of a false vascular patterns,system 1502 may be further configured to detect a thermal patternassociated with vascular patterns and/or any other secondary procedureto thwart biometric security fraud. After verifying the biometricinformation, fob 102 and RFID reader 104 may begin mutual authenticationby the methods described herein.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using DNA biometrics. Asdiscussed herein, DNA biometrics may include recognition of structures,gene sequences, and other genetic characteristics of skin tissue, hairtissue, and/or any other human tissue and/or any portion thereofcontaining genetic information. As discussed herein, these geneticfeatures may be collectively referred to as a “DNA scan.” Biometricsecurity system 1502 may include a biometric sensor 1504 which may beconfigured with an infrared optical sensor, a chemical sensor and/orother hardware and/or software that facilitates capture of biometricdata from the person such as, for example scanning, detecting orotherwise sensing a DNA scan of fob user.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the DNA scan of the fob user toinitiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity. Inone embodiment, biometric sensor 1504 of the security system 1502 maycapture a DNA scan, when a user submits genetic material to sensor 1504.Biometric sensor 1504 may be in communication with asensor/interface/driver 1506 such that sensor 1504 receives the DNA scanand transmits a signal to controller 208 to facilitate activating theoperation of fob 102. A power source (e.g., battery 1503) may be incommunication with biometric sensor 1504 and sensor interface 1506 toprovide the desired power for operation of the biometric security systemcomponents.

Fob 102 may digitize the DNA scan based on genetic information referencepoints and compare it against a digitized DNA scan stored in a database(e.g., security database 212) included on fob 102. The DNA scaninformation may additionally be compared with information from one ormore third-party databases communicating with fob 102 through anycommunication software and/or hardware, including for example, RFIDreader 104, a USB connection, a wireless connection, a computer, anetwork and/or any other means for communicating. Protocol/sequencecontroller 208 may facilitate the local comparison to authenticate thebiometric and authentication circuit 210 may validate the information.Any of the embodiments may alternatively or additionally include remotecomparisons performed or controlled by one or more third-party securityvendors.

For example, for DNA recognition, protocol/sequence controller 208 mayutilize an existing database to compare the DNA scan by comparingnucleotides, code sequences, regulatory regions, initiation and stopcodons, exon/intron borders, and/or any other characteristics of DNA.This transfer of information may include use of encryption, decryption,security keys, digital certificates and/or other security devices toconfirm the security of the sample. Fob 102 may additionally communicatewith third-party databases to facilitate a comparison between fob 102identifier and other fob identifiers stored with the biometric samples.Further, the present invention anticipates use of one or morethird-party devices such as DNA recognition software and/or hardwaresystems to facilitate DNA scan comparisons, such as, for example AppliedDNA Sciences.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use false DNA, system 1502 may befurther configured to take a DNA sample directly off a user and/or anyother secondary procedure to thwart biometric security fraud. Afterverifying the biometric information, fob 102 and RFID reader 104 maybegin mutual authentication by the methods described herein.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using hand geometrybiometrics. As discussed herein, hand geometry biometrics may includerecognition of hand geometry parameters, such as, for example, handshape, finger length, finger thickness, finger curvature and/or anyportion thereof. As discussed herein, these hand geometry features maybe collectively referred to as a “hand geometry scan.” Biometricsecurity system 1502 may include a biometric sensor 1504 which may beconfigured with an infrared optical sensor, a three-dimensional imagingsystem and/or other hardware and/or software that facilitates capture ofbiometric data from the person such as, for example scanning, detectingor otherwise sensing a hand geometry scan of fob user.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the hand geometry scan of the fobuser to initiate the mutual authentication process between fob 102 andRFID reader 104, and/or to provide verification of the user's identity.In one embodiment, biometric sensor 1504 of the security system 1502 maycapture a hand geometry scan, when a user places his hand in front of anoptical scanner. Biometric sensor 1504 may be in communication with asensor/interface/driver 1506 such that sensor 1504 receives the handgeometry scan and transmits a signal to controller 208 to facilitateactivating the operation of fob 102. A power source (e.g., battery 1503)may be in communication with biometric sensor 1504 and sensor interface1506 to provide the desired power for operation of the biometricsecurity system components.

Fob 102 may digitize the hand geometry scan based on hand geometryparameters and compare it against a digitized hand geometry scan storedin a database (e.g., security database 212) included on fob 102. Thehand geometry scan information may additionally be compared withinformation from one or more third-party databases communicating withfob 102 through any communication software and/or hardware, includingfor example, RFID reader 104, a USB connection, a wireless connection, acomputer, a network and/or any other means for communicating.Protocol/sequence controller 208 may facilitate the local comparison toauthenticate the biometric and authentication circuit 210 may validatethe information. Any of the embodiments may alternatively oradditionally include remote comparisons performed or controlled by oneor more third-party security vendors.

For example, for hand geometry recognition, protocol/sequence controller208 may utilize an existing database to compare hand shape, fingerlength, finger thickness, finger curvature and/or any other of the 90different hand geometry parameters known in the art. This transfer ofinformation may include use of encryption, decryption, security keys,digital certificates and/or other security devices to confirm thesecurity of the sample. Fob 102 may additionally communicate withthird-party databases to facilitate a comparison between fob 102identifier and other fob identifiers stored with the biometric samples.Further, the present invention anticipates use of one or morethird-party devices such as hand geometry recognition software and/orhardware systems to facilitate hand geometry scan comparisons, such as,for example IR Recognition Services and Human Recognition Services.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use of false hands, system 1502 may befurther configured to measure blood flow, to detect body heat and/or anyother secondary procedure to thwart biometric security fraud. Afterverifying the biometric information, fob 102 and RFID reader 104 maybegin mutual authentication by the methods described herein.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using auditory emissionsbiometrics. As discussed herein, auditory emissions biometrics mayinclude emissions that an ear generates when stimulated by sound, suchas vibrations and reverberated sound waves and/or any portion thereof.As discussed herein, these auditory emissions features may becollectively referred to as an “auditory emissions scan.” Biometricsecurity system 1502 may include a biometric sensor 1504 which may beconfigured with an infrared optical sensor, an auditory sensor, anauditory generator and/or other hardware and/or software thatfacilitates the capture of biometric data from the person such as, forexample sound generating, scanning, detecting or otherwise sensing anauditory emissions scan of fob user.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the auditory emissions scan of thefob user to initiate the mutual authentication process between fob 102and RFID reader 104, and/or to provide verification of the user'sidentity. In one embodiment, biometric sensor 1504 of the securitysystem 1502 may capture an auditory emissions scan, when a user hears anauditory stimulant and the user's auditory emissions are detected bybiometric sensor 1504. Biometric sensor 1504 may be in communicationwith a sensor/interface/driver 1506 such that sensor 1504 receives theauditory emissions scan and transmits a signal to controller 208 tofacilitate activating the operation of fob 102. A power source (e.g.,battery 1503) may be in communication with biometric sensor 1504 andsensor interface 1506 to provide the desired power for operation of thebiometric security system components.

Fob 102 may digitize the auditory emissions scan based on emissionswaveforms and compare it against a digitized auditory emissions scanstored in a database (e.g., security database 212) included on fob 102.The auditory emissions scan information may additionally be comparedwith information from one or more third-party databases communicatingwith fob 102 through any communication software and/or hardware,including for example, RFID reader 104, a USB connection, a wirelessconnection, a computer, a network and/or any other means forcommunicating. Protocol/sequence controller 208 may facilitate the localcomparison to authenticate the biometric and authentication circuit 210may validate the information. Any of the embodiments may alternativelyor additionally include remote comparisons performed or controlled byone or more third-party security vendors.

For example, for auditory emissions recognition, protocol/sequencecontroller 208 may utilize an existing database to compare emissionsdifference in frequency, wavelength, and/or other characteristicsbetween the transmitted and reverberated sound waves. This transfer ofinformation may include use of encryption, decryption, security keys,digital certificates and/or other security devices to confirm thesecurity of the sample. Fob 102 may additionally communicate withthird-party databases to facilitate a comparison between fob 102identifier and other fob identifiers stored with the biometric samples.Further, the present invention anticipates use of one or morethird-party devices such as auditory emissions recognition softwareand/or hardware systems to facilitate auditory emissions scancomparisons, such as, for example those developed by the University ofSouthampton.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use of false auditory emissions scans,system 1502 may be further configured to detect electronic noiseassociated with a device producing electronic auditory emissions and/orany other secondary procedure to thwart biometric security fraud. Afterverifying the biometric information, fob 102 and RFID reader 104 maybegin mutual authentication by the methods described herein.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using olfactorybiometrics. As discussed herein, olfactory biometrics may includeodorants that a body generates when odor evaporates from and/or anyportion thereof. As discussed herein, these odorants may be collectivelyreferred to as a “smellprint.” Biometric security system 1502 mayinclude a biometric sensor 1504 which may be configured with anelectronic sensor, a chemical sensor, and/or an electronic or chemicalsensor configured as an array of chemical sensors, wherein each chemicalsensor may detect a specific odorant, or smell. In another embodiment,biometric sensor 1504 may be configured as a gas chromatograph,spectrometer, conductivity sensor, piezoelectric sensor and/or otherhardware and/or software that facilitates the capture of biometric datafrom the person such as, for example, scanning, detecting or otherwisesensing a smellprint of fob user.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the smellprint of the fob user toinitiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity. Inone embodiment, biometric sensor 1504 of the security system 1502 maycapture a smellprint, when a user stands within at least two feet ofsensor 1504. Biometric sensor 1504 may be in communication with asensor/interface/driver 1506 such that sensor 1504 receives thesmellprint and transmits a signal to controller 208 to facilitateactivating the operation of fob 102. A power source (e.g., battery 1503)may be in communication with biometric sensor 1504 and sensor interface1506 to provide the desired power for operation of the biometricsecurity system components.

Fob 102 may digitize the smellprint and compare it against a digitizedsmellprint stored in a database (e.g., security database 212) includedon fob 102. The smellprint information may additionally be compared withinformation from one or more third-party databases communicating withfob 102 through any communication software and/or hardware, includingfor example, RFID reader 104, a USB connection, a wireless connection, acomputer, a network and/or any other means for communicating.Protocol/sequence controller 208 may facilitate the local comparison toauthenticate the biometric and authentication circuit 210 may validatethe information. Any of the embodiments may alternatively oradditionally include remote comparisons performed or controlled by oneor more third-party security vendors.

For example, for smellprints, protocol/sequence controller 208 mayutilize an existing database to compare the difference in molecularstructures, chemical compounds, temperature, mass differences, pressure,force, and odorants by using statistical, ANN and neuromorphictechniques. This transfer of information may include use of encryption,decryption, security keys, digital certificates and/or other securitydevices to confirm the security of the sample. Fob 102 may additionallycommunicate with third-party databases to facilitate a comparisonbetween fob 102 identifier and other fob identifiers stored with thebiometric samples. Further, the present invention anticipates use of oneor more third-party devices such as smellprint recognition softwareand/or hardware systems to facilitate smellprint comparisons, such as,for example those developed by Company Mastiff Electronic Systems.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use of a false odorant, system 1502 maybe further configured to detect man-made smells, abnormal odorants, bodyheat and/or any other secondary procedure to thwart biometric securityfraud. After verifying the biometric information, fob 102 and RFIDreader 104 may begin mutual authentication by the methods describedherein.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using keystroke/typingrecognition biometrics. As discussed herein, keystroke/typingrecognition biometrics may include recognition of the duration ofkeystrokes, latencies between keystrokes, inter-keystroke times, typingerror frequency, force keystrokes and/or any portion thereof. Asdiscussed herein, these features may be collectively referred to as a“keystroke scan.” Biometric security system 1502 may include a biometricsensor 1504 which may be configured with an electronic sensor, anoptical sensor, a keyboard, and/or other hardware and/or software thatfacilitates the capture of biometric data from the person such as, forexample, scanning, detecting or otherwise sensing a keystroke scan offob user.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the keystroke scan of the fob userto initiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity. Inone embodiment, biometric sensor 1504 of the security system 1502 maycapture a keystroke scan, when a user types, for example, a PIN or passphrase into a keyboard configured with sensor 1504. Biometric sensor1504 may be in communication with a sensor/interface/driver 1506 suchthat sensor 1504 receives the keystroke scan and transmits a signal tocontroller 208 to facilitate activating the operation of fob 102. Apower source (e.g., battery 1503) may be in communication with biometricsensor 1504 and sensor interface 1506 to provide the desired power foroperation of the biometric security system components.

Fob 102 may digitize the keystroke scan based on keystrokecharacteristics and compare the scan against a digitized keystroke scanstored in a database (e.g., security database 212) included on fob 102.The keystroke scan information may additionally be compared withinformation from one or more third-party databases communicating withfob 102 through any communication software and/or hardware, includingfor example, RFID reader 104, a USB connection, a wireless connection, acomputer, a network and/or any other means for communicating.Protocol/sequence controller 208 may facilitate the local comparison toauthenticate the biometric and authentication circuit 210 may validatethe information. Any of the embodiments may alternatively oradditionally include remote comparisons performed or controlled by oneor more third-party security vendors.

For example, for keystroke scans, protocol/sequence controller 208 mayutilize an existing database to compare the behavioral, temporal andphysical characteristics associated with keystrokes. This transfer ofinformation may include use of encryption, decryption, security keys,digital certificates and/or other security devices to confirm thesecurity of the sample. Fob 102 may additionally communicate withthird-party databases to facilitate a comparison between fob 102identifier and other fob identifiers stored with the biometric samples.Further, the present invention anticipates use of one or morethird-party devices such as keystroke scan recognition software and/orhardware systems to facilitate keystroke scan comparisons, such as, forexample those developed by BioPassword® by BioNet Systems, LLC.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use of a false keystroke, system 1502may be further configured to detect body heat and/or any other secondaryprocedure to thwart biometric security fraud. After verifying thebiometric information, fob 102 and RFID reader 104 may begin mutualauthentication by the methods described herein.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using iris scanbiometrics. As discussed herein, iris scan biometrics may includerecognition of characteristics of the colored tissues surrounding thepupil, such as the rings, furrows and freckles and/or any portionthereof. As discussed herein, these characteristics may be collectivelyreferred to as an “iris scan.” Biometric security system 1502 mayinclude a biometric sensor 1504 which may be configured with a videocamera, an optical scanner, a digital camera, a charge coupled deviceand/or other hardware and/or software that facilitates the capture ofbiometric data from the person such as, for example, scanning, detectingor otherwise sensing an iris scan of fob user.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the iris scan of the fob user toinitiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity. Inone embodiment, biometric sensor 1504 of the security system 1502 maycapture an iris scan, when a user uses sensor 1504 to scan his iriswhile he is up to five feet away from sensor 1504. Sensor 1504 may scanthe user's iris through contacts, sunglasses, and/or any other type ofeye glasses. Biometric sensor 1504 may be in communication with a sensorinterface/driver 1506 such that sensor 1504 receives the iris scan andtransmits a signal to controller 208 to facilitate activating theoperation of fob 102. A power source (e.g., battery 1503) may be incommunication with biometric sensor 1504 and sensor interface 1506 toprovide the desired power for operation of the biometric security systemcomponents.

Fob 102 may digitize the iris scan based on iris characteristics andcompare the scan against a digitized iris scan stored in a database(e.g., security database 212) included on fob 102. The iris scaninformation may additionally be compared with information from one ormore third-party databases communicating with fob 102 through anycommunication software and/or hardware, including for example, RFIDreader 104, a USB connection, a wireless connection, a computer, anetwork and/or any other means for communicating. Protocol/sequencecontroller 208 may facilitate the local comparison to authenticate thebiometric and authentication circuit 210 may validate the information.Any of the embodiments may alternatively or additionally include remotecomparisons performed or controlled by one or more third-party securityvendors.

For example, for iris scans, protocol/sequence controller 208 mayutilize an existing database to compare the surface patterns of the irisby localizing the boundaries and the eyelid contours of the iris andcreating a phase code for the texture sequence in the iris. Thistransfer of information may include use of encryption, decryption,security keys, digital certificates and/or other security devices toconfirm the security of the sample. Fob 102 may additionally communicatewith third-party databases to facilitate a comparison between fob 102identifier and other fob identifiers stored with the biometric samples.Further, the present invention anticipates use of one or morethird-party devices such as iris scan recognition software and/orhardware systems to facilitate iris scan comparisons, such as, forexample those developed by Iridian, LG Electronics and BioCom.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use of a false iris, system 1502 may befurther configured to vary the light shone into the eye to watch forpupil dilation, to detect body heat and/or any other secondary procedureto thwart biometric security fraud. After verifying the biometricinformation, fob 102 and RFID reader 104 may begin mutual authenticationby the methods described herein.

In another exemplary embodiment, biometric security system 1502 may beconfigured for facilitating biometric security using retinal scanningbiometrics. As discussed herein, retinal scanning biometrics may includerecognition of characteristics of the reflected retinal pattern of theeye, such as the location, structure, size, and shape of blood vesselsand/or any portion thereof. As discussed herein, these characteristicsmay be collectively referred to as a “retinal scan.” Biometric securitysystem 1502 may include a biometric sensor 1504 which may be configuredwith low-intensity light source, such as an infrared source, an opticalcoupler and/or other hardware and/or software that facilitates thecapture of biometric data from the person such as, for example,scanning, detecting or otherwise sensing a retinal scan of fob user.

In one exemplary application of fob 102 incorporating biometric securitysystem 1502, system 1502 may capture the iris scan of the fob user toinitiate the mutual authentication process between fob 102 and RFIDreader 104, and/or to provide verification of the user's identity. Inone embodiment, biometric sensor 1504 of the security system 1502 maycapture a retinal scan, when a sensor 1504 shines a light source intothe user's retina and detects the reflected retina pattern. Sensor 1504may detect a user's retinal pattern when the user is up to five feetaway from sensor 1504. Biometric sensor 1504 may be in communicationwith a sensor interface/driver 1506 such that sensor 1504 receives theretinal scan and transmits a signal to controller 208 to facilitateactivating the operation of fob 102. A power source (e.g., battery 1503)may be in communication with biometric sensor 1504 and sensor interface1506 to provide the desired power for operation of the biometricsecurity system components.

Fob 102 may digitize the retinal scan based on retinal characteristicsand compare the scan against a digitized iris scan stored in a database(e.g., security database 212) included on fob 102. The retinal scaninformation may additionally be compared with information from one ormore third-party databases communicating with fob 102 through anycommunication software and/or hardware, including for example, RFIDreader 104, a USB connection, a wireless connection, a computer, anetwork and/or any other means for communicating. Protocol/sequencecontroller 208 may facilitate the local comparison to authenticate thebiometric and authentication circuit 210 may validate the information.Any of the embodiments may alternatively or additionally include remotecomparisons performed or controlled by one or more third-party securityvendors.

For example, for retinal scans, protocol/sequence controller 208 mayutilize an existing database to compare the blood vessel patterns of theretina by comparing stored and detected retinal patterns. This transferof information may include use of encryption, decryption, security keys,digital certificates and/or other security devices to confirm thesecurity of the sample. Fob 102 may additionally communicate withthird-party databases to facilitate a comparison between fob 102identifier and other fob identifiers stored with the biometric samples.Further, the present invention anticipates use of one or morethird-party devices such as retinal scan recognition software and/orhardware systems to facilitate keystroke scan comparisons, such as, forexample those developed by EyeKey and Retinal Technologies.

Fob 102 and/or any other third-party security vendor system used inconnection with fob 102 may additionally be configured with secondarysecurity procedures to confirm that fake biometric samples are not beingused. For example, to detect the use of a false retina, system 1502 maybe further configured to vary the light shone into the eye to watch forpupil dilation, to detect body heat and/or any other secondary procedureto thwart biometric security fraud. After verifying the biometricinformation, fob 102 and RFID reader 104 may begin mutual authenticationby the methods described herein.

In an additional or alternate embodiment, RFID reader 104 may includeone or more security system, wherein the security system incorporatesone or more biometric system. As shown in FIG. 16, RFID reader 104includes a biometric security system 1602 configured for facilitatingbiometric security using a biometric sample. Biometric security system1602 may include a biometric sensor 1604 which may be configured with asensor, video camera, digital camera, optical scanner, light sourceand/or other hardware and/or software for acquiring biometric data formthe person such as, for example, optical scanning, chemical sensing, orotherwise detecting the portion of fob user. Biometric sensor 1604 maybe in communication with a sensor interface/driver 1606 such that sensorinterface 1606 receives biometric information and transmits a signal tocontroller 208 to facilitate activating the operation of fob 102.

In one exemplary application of RFID reader 104 including biometricsecurity system 1602, the user may submit a biometric sample to thebiometric sensor to initiate the mutual authentication process betweenfob 102 and RFID reader 104, and/or to provide verification of theuser's identity. RFID reader 104 may digitize the sample and compare itagainst a digitized biometric sample stored in a database (e.g.,database 310) included on RFID reader 104. The biometric sampleinformation may additionally be compared with information from one ormore third-party databases communicating with fob 102 through anycommunication software and/or hardware, including for example, fob 102,a USB connection, a wireless connection, a computer, a network and/orany other means for communicating. The transfer of information mayinclude use of encryption decryption, security keys, digitalcertificates and/or other security devices to confirm the security ofthe sample. RFID reader 104 may additionally communicate withthird-party databases to facilitate a comparison between fob 102identifier and other fob identifiers stored with the biometric samples.

Protocol/sequence controller 314 may facilitate the local comparison toauthenticate the biometric sample and authentication circuit 308 mayvalidate the information. Any of the embodiments may alternatively oradditionally include remote comparisons performed or controlled bythird-party security vendors in any way known in the art for comparingbiometric data.

RFID reader 104 may also be configured with secondary securityprocedures biometric to confirm that fake biometric samples are notbeing used. For example, RFID reader 104 may be further configured tomeasure blood flow, body heat and/or any other secondary procedure toreduce biometric security fraud. Other security procedures for ensuringthe authenticity of biometric samples may include monitoring pupildilation for retinal and/or iris scans, pressure sensors, blinkingsensors, human motion sensors, and/or any other procedures known in theart for authenticating the authenticity of biometric samples. Afterverifying the biometric information, fob 102 and RFID reader 104 maybegin mutual authentication, and the transaction may proceedaccordingly.

While the biometric safeguard mechanisms describe fob 102 and/or RFIDreader 104 configured with a biometric safeguard mechanism, any part ofsystem 100 may be equipped with a biometric safeguard system. Forexample, the invention contemplates receiving a biometric sample only atthe reader, only at the fob, at both the fob and the reader, or at anyother combination of location or device. As such, any scanner ordatabase discussed herein may be located within or associated withanother device. For example, the fob may scan a user biometric, but thedatabase used for comparison may be located within the reader ormerchant server. In other embodiments, the biometric security device maybe located away from the point of sale device and/or provide otherfunctions. For example, the biometric security device may be locatednear the item to be purchased or located in any other location within oroutside of the merchant. In one embodiment, the biometric securitydevice may be located outside of a jewelry display to allow a user tonot only start the authentication process before check-out, but also toallow access to the product within the display case. In this regard, thebiometric security device may communicate the information to the pointof sale device so the POS may verify that the person that entered thejewelry box is the same person that is now buying the jewelry. Inanother embodiment, any portion of system 100 may be configured with abiometric security device. The biometric security device may be attachedand/or free-standing. Biometric security devices may be configured forlocal and/or third-party operation. For example, the present inventioncontemplates the use of third-party fingerprint scanning and securitydevices such as those made by Interlink Electronics, Keytronic, IdentixBiotouch, BIOmetricID, onClick, and/or other third-party vendors.

In yet another embodiment, the database used for comparison may containterrorist and/or criminal information. As used herein, terrorists and/orcriminals may include terrorists, felons, criminals, convicts, indictedpersons, insurgents, revolutionaries and/or other offenders. Theinformation may include biometric information, personal information asdescribed herein, arrest records, aliases used, country of residence,affiliations with gangs and terrorist groups, and/or any other terroristand/or criminal information.

As an example of a secondary security procedure in accordance with thepresent invention, the biometric sensor 1504, 1604 may be configured toallow a finite number of scans. For example, biometric sensor 1504, 1604may be configured to only accept data from a single scan. As a result,biometric sensor 1504, 1604 may turn off or deactivate fob 102 and/orRFID reader 104 if more than one scan is needed to obtain a biometricsample. Biometric sensor 1504, 1604 may also be configured to accept apreset limit of scans. For example, biometric sensor 1504, 1604 mayreceive three invalid biometric samples before it turns off and/ordeactivates fob 102 and/or RFID reader 104.

The sensor or any other part of system 100 may also activate uponsensing a particular type or group of biometric samples. The activationmay include sending a signal, blinking, audible sound, visual displayand/or the like. For example, if the sensor detects information from agold card member, the system may display a special offer on the POSterminal. If the sensor detects a repeat customer, the sensor may signalor notify a manager to approach the customer and thank them for theirrepeat business. In another embodiment, the system may send a signal toa primary account holder or any other person or device to notify themthat the fob is being used or that a condition or rule is being violated(e.g., charge above $1000).

Any of the biometric security systems described herein may additionallybe configured with a fraud protection log. That is, a biometric securitysystem, such as biometric security system 1502, 1602 may be configuredto log all biometric samples submitted on fob 102 and/or RFID reader 104and store the log information on databases on and/or communicating withsystem 1502, 1602. If a new and/or different biometric sample issubmitted that differs from the log data, biometric security system1502, 1602 may employ a security procedure such as deactivation, warningauthorities, requesting a secondary scan, and/or any other securityprocedure.

Biometric security system 1502, 1602 and/or the biometric securitysystem configured with system 100 may also be configured to obtain aplurality of biometric samples for verification and/or other securitypurposes. For example, after biometric security system 1502, receives afirst biometric sample (e.g., scans one finger,) it may be configured toreceive a second biometric sample (e.g., scans a second finger). Thefirst and second biometric samples may be compared with stored biometricsamples by any of the methods disclosed herein. The second biometricsample may be the only sample compared with stored biometric samples ifthe first sample is unreadable or inadequate.

In yet another exemplary embodiment of the present invention, fob 102may be equipped with a biometric safeguard mechanism. For example, inone exemplary application of fob 102, fob 102 may use biometric securitysystem 1502 to authorize a transaction that violates an establishedrule, such as, for example, a purchase exceeding an established perpurchase spending limit, a purchase exceeding a preset number oftransactions, any portion of a purchase and/or transaction involvingnon-monetary funds (e.g., paying a portion of the transaction withloyalty points, coupons, airline miles, etc.) and/or any other purchaseand/or transaction exceeding a preset or established limit. Fob user, athird-party issuer system a third-party financial system, a companyand/or any other entity or system may establish the preset limits. Thelimits may be used to prevent fraud, theft, overdrafts, and/or othernon-desirable situations associated with financial and non-financialaccounts. For example, if fob 102 is stolen and the thief tries to makea large purchase with the card, the biometric safeguard mechanism mayprevent the purchase until fob user's identity is verified by biometricmeans.

For example, fob 102 may activate biometric security system 1502 tonotify a user who is attempting to make a large purchase that the usermust provide a biometric sample to verify the user's identity. Bynotifying, fob 102 may be configured to provide an audible signal,visual signal, optical signal, mechanical signal, vibration, blinking,signaling and beeping, and/or provide any other notification to a user.Accordingly, fob user may provide such verification by submitting abiometric sample, for example placing his finger over biometric sensor1504 and/or any other biometric security devices used in associationwith fob 102. Biometric sensor 1504 may then digitize the biometricsample (e.g., fingerprint) and use the digitized sample for verificationby any of the methods described herein. Once fob user's identity and/orfob 102 transponder identifier are verified, fob 102 may provide atransaction authorized signal to RF transponder 202 (and/or totransponder 220) for forwarding to RFID reader 104. RFID reader 104 maythen provide the transaction authorized signal to POS device 110 insimilar manner as is done with conventional PIN driven systems and POSdevice 110 may process the transaction under the merchant's business asusual standard. If fob 102 has been stolen, then fob user's identity maynot be verified and the transaction may be cancelled. Additionally, oneor more further security procedures may be triggered, such as, forexample, fob 102 may deactivate, fob 102 may send a notification to asecurity vendor, fob 102 may be confiscated by the merchant and/or anyother security procedures may be used.

In another exemplary embodiment, RFID reader 104 may be equipped with abiometric safeguard mechanism. For example, in one exemplary applicationof RFID reader 104, RFID reader 104 may use biometric security system1602 to authorize a transaction that violates an established rule, suchas, for example, a purchase exceeding an established per purchasespending limit, a purchase exceeding a preset number of transactionsand/or any other purchase exceeding a preset or established limit. Fobuser, a third-party issuer system a third-party financial system, acompany and/or any other entity or system may establish the presetlimits. The limits may be used to prevent fraud, theft, overdrafts,and/or other non-desirable situations associated with financial andnon-financial accounts. For example, if fob 102 is stolen and the thieftries to make a large purchase with the card, the biometric safeguardmechanism may prevent the purchase until fob user's identity is verifiedby biometric means.

In one example, where fob user is using a company-issued fob 102, fob102 may the have a pre-set limit of transactions that may be completedbefore biometric verification is required. If the user exceeds thetransaction limit, RFID reader 104 may be configured to scan a biometricsample in order to verify the user's identity. Accordingly, the user mayprovide such verification by submitting a biometric sample, for examplesubmitting a retinal scan to biometric sensor 1604. RFID reader 104 maythen digitize the biometric sample (e.g., retinal pattern) and use thedigitized sample for verification by any of the methods describedherein. Once fob user's identity and/or fob 102 transponder identifierare verified, RFID reader 104 may receive a transaction authorizedsignal from a security vendor authorized to give such a signal. RFIDreader 104 may then provide the transaction authorized signal to POSdevice 110 in similar manner as is done with convention PIN drivensystems and POS device 110 may process the transaction under themerchant's business as usual standard.

While the biometric safeguard mechanisms described herein usefingerprint scanning and retinal scanning for biometric sampleverification for exemplification, any biometric sample may be submittedfor verification, authorization and/or any other safeguard purpose. Forexample the present invention contemplates the use of voice recognition,facial and/or ear recognition, signature recognition, vascular patterns,DNA sampling, hand geometry, auditory emissions recognition, olfactoryrecognition, keystroke/typing recognition, iris scans, and/or any otherbiometric known in the art.

The preceding detailed description of exemplary embodiments of theinvention makes reference to the accompanying drawings, which show theexemplary embodiment by way of illustration. While these exemplaryembodiments are described in sufficient detail to enable those skilledin the art to practice the invention, it should be understood that otherembodiments may be realized and that logical and mechanical changes maybe made without departing from the spirit and scope of the invention.For example, the steps recited in any of the method or process claimsmay be executed in any order and are not limited to the order presented.Further, the present invention may be practiced using one or moreservers, as necessary. Thus, the preceding detailed description ispresented for purposes of illustration only and not of limitation, andthe scope of the invention is defined by the preceding description, andwith respect to the attached claims.

Benefits, other advantages, and solutions to problems have beendescribed above with regard to specific embodiments. However, thebenefits, advantages, solutions to problems, and any element(s) that maycause any benefit, advantage, or solution to occur or become morepronounced are not to be construed as critical, required, or essentialfeatures or elements of any or all the claims. As used herein, the terms“comprises,” “comprising,” or any other variations thereof, are intendedto cover a non-exclusive inclusion, such that a process, method,article, or apparatus that comprises a list of elements does not includeonly those elements but may include other elements not expressly listedor inherent to such process, method, article, or apparatus. Further, noelement described herein is required for the practice of the inventionunless expressly described as “essential” or “critical.”

1. A Radio Frequency (RF) customer payment device comprising: an RFtransponder configured to receive a customer payment deviceauthentication code from an RF Identification (RFID) reader; a databasecomprising a unique customer payment device identification code, aunique customer payment device encryption key corresponding to theunique customer payment device identification code, and a customerpayment device account code; a retinal scan sensor configured to detecta retinal sample to create retinal scan sample data; and a customerpayment device authentication circuit to communicate with the database,wherein the customer payment device authentication circuit is configuredto use the unique customer payment device encryption key to encrypt thecustomer payment device authentication code and to use the uniquecustomer payment device encryption key to encrypt the customer paymentdevice account code; wherein the RF transponder is configured totransmit at least one of the encrypted customer payment deviceauthentication code or the encrypted customer payment device accountcode to the RFID reader, and wherein the customer payment deviceauthentication circuit is configured to be enabled in response to theretinal scan sample data matching authenticated retinal scan sampledata.
 2. The RF customer payment device of claim 1, further comprising:a second RF transponder, wherein at least one of the RF transponder orthe second RF transponder is configured to transmit an RFID readerauthentication code to the RFID reader and receive an encrypted RFIDreader authentication code from the RFID reader; a protocol/sequencecontroller to communicate with the customer payment deviceauthentication circuit and at least one of the RF transponder or thesecond RF transponder via a modulator/demodulator; and an enable/disableswitch configured to enable/disable at least one of the RF transponderor the second RF transponder.
 3. The RF customer payment device of claim2, further comprising: an RFID reader decryption key, wherein thecustomer payment device authentication circuit is configured to use theRFID reader decryption key to decrypt the encrypted RFID readerauthentication code received from the RFID reader to authenticate theRFID reader; wherein the unique customer payment device identificationcode comprises a personalized unique customer payment deviceidentification code, wherein the unique customer payment deviceencryption key comprises a personalized unique customer payment deviceencryption key, wherein the customer payment device account codecomprises a personalized customer payment device account code, andwherein the RFID reader decryption key comprises a personalized RFIDreader decryption key.
 4. The RF customer payment device of claim 1,further comprising a Universal Serial Bus (USB) interface to:communicate with at least one of the encrypted customer payment deviceaccount code or the encrypted customer payment device authenticationcode to the RFID reader; and personalize the RF customer payment devicein association with a personalization system.
 5. The RF customer paymentdevice of claim 1, wherein the customer payment device account codecomprises a unique account number in a magnetic stripe format.
 6. The RFcustomer payment device of claim 1, wherein the retinal scan sensorincludes at least one of a retinal scan sensor or an iris scan sensor,and wherein the retinal scan sensor is configured to detect and verifyretinal scan characteristics including at least one of blood vesselpatterns, pupil dilation or body heat.
 7. The RF customer payment deviceof claim 1, wherein the RF customer payment device is an RF customerpayment fob.
 8. A Radio Frequency Identification (RFID) readercomprising: a Radio Frequency (RF) transponder configured to receive aunique customer payment device identification code, an encryptedcustomer payment device account code, and retinal scan sample data froman RF customer payment device; a database comprising authenticatedretinal scan sample data and a plurality of customer paymentdevice-specific decryption keys; and an RFID authentication circuit tocommunicate with the database, decrypt the encrypted customer paymentdevice account code using a unique customer payment device decryptionkey selected from the plurality of customer payment device-specificdecryption keys, and compare the retinal scan sample data to theauthenticated retinal scan sample data to authenticate the RF customerpayment device.
 9. The RFID reader of claim 8, further comprising a USBinterface to communicate with the RF customer payment device andpersonalize at least one of the RF customer payment device or the RFIDreader.
 10. The RFID reader of claim 8, wherein the RF transponder isconfigured to authenticate the RF customer payment device by decryptingthe encrypted customer payment device authentication code using theunique customer payment device decryption key, and wherein the decryptedcustomer payment device account code comprises a customer payment deviceaccount number in a magnetic stripe format configured to be transmittedto a Point of Sale (POS) device and processed under a merchant'sbusiness as usual standard.
 11. The RFID reader of claim 10, wherein thecustomer payment device account number is in an ISO/IEC 7813 magneticstripe format.
 12. The RFID reader of claim 8, further comprising anRFID reader PIN interface configured to receive a secondaryverification.
 13. The RFID reader of claim 8, further comprising an RFantenna configured to operate at at least one of approximately a 13.56MHz frequency or a 134 kHz frequency.
 14. A method for utilizing a RadioFrequency (RF) customer payment device to facilitate an RF paymenttransaction, the method comprising: verifying retinal scan sample datadetected at a retinal scan sensor to create verified retinal scan sampledata; activating a transponder system authentication circuit in responseto at least one of an RF interrogation signal from an RF Identification(RFID) reader or the verified retinal scan sample data; encrypting, atthe transponder system authentication circuit, a customer payment deviceauthentication code with a unique encryption key; transmitting theencrypted customer payment device authentication code and a uniquecustomer payment device identification code to the RFID reader;transmitting an RFID reader authentication code to the RFID reader;decrypting an encrypted RFID reader authentication code received fromthe RFID reader using a transponder decryption key; and authenticatingthe RFID reader and transmitting RF customer payment device account datato the RFID reader in response to the decrypted RFID readerauthentication code matching the RFID reader authentication code, and inresponse to the verified retinal scan sample data matching authenticatedretinal scan sample data.
 15. The method of claim 14, further comprisingcommunicating with the RFID reader via a second transponder.
 16. Themethod of claim 14, wherein the retinal scan sensor includes at leastone of a retinal scan sensor or an iris scan sensor.
 17. A method forfacilitating an RF payment transaction using an RFID reader, comprising:transmitting a customer payment device authentication code to an RFcustomer payment device; receiving an encrypted customer payment deviceauthentication code, retinal scan sample data, and a unique customerpayment device identification code from the RF customer payment device;decrypting the encrypted customer payment device authentication codeusing a unique customer payment device decryption key corresponding tothe unique customer payment device authentication code; authenticatingthe RF customer payment device in response to the retinal scan sampledata matching authenticated retinal scan sample data and in response tothe decrypted customer payment device authentication code matching thecustomer payment device authentication code; receiving an encryptedcustomer payment device account code from the RF customer paymentdevice; decrypting the encrypted customer payment device account codeusing the unique customer payment device decryption key; andtransmitting the decrypted customer payment device account code forpayment processing.
 18. The method of claim 17, further comprising:receiving an RFID reader authentication code from the RF customerpayment device; encrypting the RFID reader authentication code using anRFID reader encryption key; and transmitting the encrypted RFID readerauthentication code to the RF customer payment device for authenticationof the RFID reader.